642-545 exam

VUE/Prometric Code: 642-545
Exam Name: Implementing Cisco Security Monitoring, Analysis and Response System Certification

1. Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Answer: ADF

2. Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page
Answer: B

3. Which two configuration options enable the Cisco Security MARS appliance to perform mitigation? (Choose two.)
A. SNMP RW community string
B. Cisco Security MARS integration with Cisco Security Manager
C. Telnet or SSH access type with SNMP RO community
D. a NetFlow device added in the Cisco Security MARS database
E. SSL communications with the network devices
Answer: AC

4. What is a supported mitigation feature on the Cisco Security MARS appliance?
A. generating and pushing configuration commands to Layer 3 devices
B. generating and pushing configuration commands to Layer 2 devices
C. automatically dropping all suspected traffic at the nearest IPS appliance
D. storing and identifying NetFlow data for attack mitigation
Answer: B

5. What are the two options for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. archive to NFS only
B. save as a false-positive report
C. drop
D. mitigate at Layer 2
E. log to the database only
F. escalate to the Cisco Security MARS administrator
Answer: CE
