Cisco 642-544 Exam – Supporting Cisco Data Center System Devices

Cisco, others Comments Off

No doubt,Cisco 642-544 exam is worth challenging task but you should not feel hesitant against the confronting difficulties. Get a complete hold on Cisco 642-544 exam syllabus through Flydumps training and boost up your skills.What’s more,all the brain dumps are the latest.

Exam A QUESTION 1
LAB

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 2
LAB A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 3
Drop

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center

QUESTION 4
What will happen if you try to run a Cisco Security MARS query that will take a long time to complete?
A. After submitting the query, the Cisco Security MARS GUI screen will be locked up until the query is completed.
B. The query will be automatically saved as a rule.
C. The query will be automatically saved as a report.
D. You will be prompted to “Submit Batch” to run the query in batch mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 5
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. Secure FTP
E. SSH

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 6
What is a benefit of using the dollar variable (as in $TARGET01) when creating queries in Cisco Security MARS?
A. The dollar variable enables multiple queries to reference the same common 5-tuple information using a variable.
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C. The dollar variable allows matching of any unknown reporting device.
D. The dollar variable allows matching of any event type groups.
E. The dollar variable enables the same query to be applied to different reports.
F. The dollar variable enables the same query to be applied to different cases.

Correct Answer: B Section: (none) Explanation Explanation/Reference:
QUESTION 7
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?
A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
B. use the Cisco Security MARS CLI to add a static route
C. use the Cisco Security MARS GUI to configure multiple default gateways
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 8
What are three ways to add devices to the Cisco Security MARS appliance? (Choose three.)
A. import the devices from CiscoWorks
B. import the devices from Cisco Security Manager
C. load the devices from seed files
D. use SNMP auto discovery
E. use CDP to automatically discover the neighboring devices
F. manually add the devices, one at a time

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 9
LAB A.

B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 10
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 11
Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)

Correct Answer: ADF Section: (none) Explanation
Explanation/Reference:
QUESTION 13
To configure a Microsoft Windows IIS server to publish logs to the Cisco
Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?

A. pnLog agent
B. Cisco Security MARS agent
C. SNARE
D. None. Cisco Security MARS is an agentless device.

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 14
What three data points are used to correlate reports in the Cisco Security MARS? (Choose three.)
A. Maximum Rank Returned
B. Query Criterion
C. View Type
D. Order/Rank By
E. Incident Type
F. Period of Time

Correct Answer: C Section: (none) Explanation
Explanation/Reference: QUESTION 15
Refer to the exhibit.
The Service variables defined are used for what purpose?
A. for Event Groups creation
B. for Query/Reports and Rules creation
C. for IP Management Groups creation
D. for NetFlow Events Management
E. for Data Reduction

Correct Answer: BC Section: (none) Explanation
Explanation/Reference:
QUESTION 16
Refer to the Cisco Security MARS Event Management partial screen shown above. Which two statements are correct? (Choose two) A. Event ID 1104001 is a low-severity event.

B. Event ID 1104001 is triggered if ALL of the syslog messages under the Device Event ID column are received by the Cisco Security MARS within a predefined time frame.
C. Event ID 1104001 belongs in an event group that includes generic informational events from firewalls.
D. PIX and FWSM syslog messages (104001) are normalized into a single event (Event ID 1104001).
E. Info/Misc/FW is a user-defined rule that normalizes events into a single event.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 17
LAB

A.
B.
C.
D.

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 18
When adding a device to the Cisco Security MARS appliance, what is the reporting IP address of the device?
A. the source IP address that sends syslog information to the Cisco Security MARS appliance
B. the IP address that Cisco Security MARS uses to access the device via SNMP
C. the IP address that Cisco Security MARS uses to access the device via Telnet or SSH
D. the pre-NAT IP address of the device

Correct Answer: Section: (none) Explanation
Explanation/Reference:
Answer: Check certifyme eEngine, Download from Member Center
QUESTION 19
Which statement is true about the case management feature of Cisco Security MARS?
A. Cases are created on a global controller, but they can be viewed and modified on a local controller.
B. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 20
What is a zone?
A. A zone represents all the local controllers each global controller is monitoring.
B. A zone is a logical partition within a local controller. Configuring zones allows the local controller to scale to cover large networks.
C. A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone.
D. Each zone within the global controller is configured and managed independently.
E. Each zone within the local controller is configured and managed independently.

Correct Answer: C Section: (none) Explanation

All our Cisco products are up to date! When you buy any Cisco 642-544  product from Certpaper, as “Cisco 642-544  Questions & Answers with explanations”, you are automatically offered the Cisco 642-544  updates for a total of 90 days from the day you bought it. If you want to renew your Cisco 642-544  purchase during the period of these 90 days, your Cisco 642-544 product is renewed and you are further enabled to enjoy the free Cisco updates.

Author

Back to Top