642-545 - Implementing Cisco Security Monitoring, Analysis and Response System Exam

Example Questions

Most SIM offerings are software based and designed to operate on standard hardware platforms; however, recently a wave of optimized appliances tuned for performance has entered the market. Which of the following options are the functions of SIMs?

What is the reporting IP address of the device while adding a device to the Cisco Security MARS appliance?

Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired and that an incident has been logged? (Choose two.)

In order to enable the Cisco Security MARS appliance to perform mitigation, which two configuration options are correct? (Choose two.)

Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?

Which three items are true with regard to the Cisco Security MARS syslog forwarding feature for relaying the received syslog data to a syslog server? (Choose three.)

Which incident type is pushed from a local controller to a global controller?

The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)

Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)

Which three are benefits of deploying Cisco Security MARS appliances by use of the global and local controller architecture? (Choose three.)

Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?

Which two alert actions can notify a user that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)

Which statement best describes the case management feature of Cisco Security MARS?

Which two options are for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)

Which statement about the Cisco Security MARS maintenance procedure is true?

A Cisco Security MARS appliance can't access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?