New Updated Cisco 642-545 Exam Questions And Answers

Flydumps Cisco 642-545 exam questions and answers in PDF are prepared by our expert. Moreover, they are based on the recommended syllabus covering all the Cisco 642-545 exam objectives. You will find them to be very helpful and precise in the subject matter, since all the Cisco 642-545 exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

Exam A
QUESTION 1
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.

Correct Answer: ACD
QUESTION 2
Which three are benefits of deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers' information (network topologies, incidents, queries, and report results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. A global controller can correlate events from multiple local controllers to perform global sessionizations.
D. Users can seamlessly navigate to any local controller from the global controller GUI.

Correct Answer: ABD
QUESTION 3
Which item is the best practice to follow while restoring archived data to a Cisco Security MARS appliance?
A. Use Secure FTP to protect the data transfer.
B. Use “mode 5” restore from the Cisco Security MARS CLI to provide enhanced security during the data transfer.
C. Choose Admin > System Maintenance > Data Archiving on the Cisco Security MARS GUI to perform the restore operations online.
D. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.

Correct Answer: D
QUESTION 4
A Cisco Security MARS appliance can’t access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route

Correct Answer:
QUESTION 5
Which two options are available for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. mitigate at Layer 2
B. archive to NFS only
C. drop
D. log to the database only

PassGuide.com-Make You Succeed To Pass IT Exams PassGuide 642-545

Correct Answer: CD
QUESTION 6
What is the reporting IP address of the device while adding a device to the Cisco Security MARS appliance?
A. The source IP address that sends syslog information to the Cisco Security MARS appliance
B. The pre-NAT IP address of the device
C. The IP address that Cisco Security MARS uses to access the device via SNMP
D. The IP address that Cisco Security MARS uses to access the device via Telnet or SSH

Correct Answer: A
QUESTION 7
Which statement best describes the case management feature of Cisco Security MARS?
A. It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting
B. It is used to capture, combine and preserve user-selected Cisco Security MARS data within a specialized report
C. It is used to automatically collect and save information on incidents, sessions, queries and reports dynamically without user interventions
D. It is used to very quickly evaluate the state of the network

Correct Answer: B
QUESTION 8
Which two configuration tasks are needed on the Cisco Security MARS for it to receive syslog messages relayed from a syslog relay server? (Choose two.)
A. Define the syslog relay collector.
B. Add the syslog relay server application to Cisco Security MARS as Generic Syslog Relay Any.
C. Define the syslog relay source list.
D. Add the reporting devices monitored by the syslog relay server to Cisco Security MARS.

Correct Answer: BD
QUESTION 9
Here is a question that you need to answer. You can click on the Question button to the left to view the question and click on the MARS GUI Screen button to the left to capture the MARS GUI screen in order to answer the question. While viewing the GUI screen capture, you can view the complete screen by use of the left/right scroll bar on the bottom of the GUI screen. Choose the correct answer from among the options. What actions will you take to configure the MARS appliance to send out an alert when the system rule fires according to the MARS GUI screen shown?

A. Click “Edit” to edit the “Operation” field of the rule, select the appropriate alert option(s), then apply.
B. Click on “None” in the “Action” field, select the appropriate alerts, then apply.
C. Click “Edit” to edit the “Reported User” field of the rule, select the appropriate alert option(s), then apply.
D. Click on “Active” in the “Status” field, select the appropriate alerts, then apply.

Correct Answer: B
QUESTION 10
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely or by just logging them to the database?
A. Inactivating the rules
B. Creating system inspection rules using the drop operation
C. Deleting the false-positive events from the events management page
D. Creating drop rules

Correct Answer: D
QUESTION 11
In order to enable the Cisco Security MARS appliance to perform mitigation, which two configuration options are correct? (Choose two.)
A. SNMP RW community string
B. A NetFlow device added in the Cisco Security MARS database
C. Telnet or SSH access type with SNMP RO community
D. SSL communications with the network devices

Correct Answer: AC
QUESTION 12
Which two alert actions can notify a user that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. syslog
B. Short Message Service
C. OPSEC-LEA (clear and encrypted)
D. XML notification

Correct Answer: BD
QUESTION 13
Which additional steps should you take after manually adding the BR-FW-1 device shown in the MARS GUI screen?
A. Click “Submit” to enable the device.
B. Click “Submit” to test access to the device. When access is successful, click “Activate” to activate the device.
C. Click “Activate” to activate the device, then click “Submit” to save the device configuration.
D. Click “Discover” to initiate manual discovery. When discovery is completed, click “Submit”, then “Activate.”

Correct Answer: D
QUESTION 14
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired and that an incident has been logged? (Choose two.)
A. Syslog
B. OPSEC-LEA (Clear and encrypted)
C. Short Message Service
D. XML notification

Correct Answer: CD
QUESTION 15
Which three items are true with regard to the Cisco Security MARS syslog forwarding feature for relaying the received syslog data to a syslog server? (Choose three.)
A. The configured collector is a designated host that receives a syslog message but the collector does not relay it to another host.
B. Cisco Security MARS can forward alert data to multiple collector IP addresses.
C. Syslog forwarding is disabled until you specify the collector and at least one source host.
D. The pnparser service should be running for the syslog forwarding feature to work.

Correct Answer: ACD
QUESTION 16
Which incident type is pushed from a local controller to a global controller?
A. Incidents on the local controller triggered by predefined system rules
B. Any incidents on the local controller
C. Incidents on the local controller triggered by local rules
D. True positive incidents on the local controller

Correct Answer: A
QUESTION 17
Most SIM offerings are software based and designed to operate on standard hardware platforms; however, recently a wave of optimized appliances tuned for performance has entered the market. Which of the following options are the functions of SIMs?
A. Collect event data from reporting sources
B. Store data for analysis, reporting, and archiving
C. Correlate the data to show relationships
D. Present the data for analysis
E. Report on, alarm on, and/or notify about the data

Correct Answer: ABCDE
QUESTION 18
Which statement about the Cisco Security MARS maintenance procedure is true?
A. No new events can be logged when the Cisco Security MARS local database reaches its maximum storage capacity.
B. If the archive is generated with one release of software, then the restore has to be done with the same version of software.
C. Cisco Security MARS disk drives are not hot-swappable.
D. Cisco Security MARS audit logs can be exported to a centralized server for the consolidation and protection of the log data.

Correct Answer: B
QUESTION 19
Study the exhibit carefully. Which icon can be chosen to generate the access rules information displayed toward the bottom of the screen?

A. Incident Vector icon
B. Security Manager Policy Table Lookup icon
C. ISR Device Manager Policy icon
D. Raw Events icon

Correct Answer: B
QUESTION 20
Global Controller is a master unit that allows for global management of one or more Local Controllers. Is this correct?
A. Correct
B. False

Correct Answer: A

Whenever Cisco candidates take a tour of sample questions of Cisco 642-545 exam they find their training to be matchless to great extent. Passing the Cisco 642-545 on your own can be a difficult task, but with Cisco 642-545 preparation products, many candidates who appeared online passed Cisco 642-545 easily.