Newest PDF And VCE Cisco 642-544 Exam Dumps With New Added Questions

Flydumps Cisco 642-544 exam questions and answers in PDF are prepared by our expert, Moreover,they are based on the recommended syllabus covering all the Cisco 642-544 exam objectives.You will find them to be very helpful and precise in the subject matter since all the Microsoft Cisco 642-544  exam content is regularly updated and has been checked for accuracy by our team of Microsoft expert professionals.

Exam A
QUESTION 1
What will happen if you try to run a Cisco Security MARS query that will take a long time to complete?
A. After submitting the query, the Cisco Security MARS GUI screen will be locked up until the query is completed.
B. The query will be automatically saved as a rule.
C. The query will be automatically saved as a report.
D. You will be prompted to “Submit Batch” to run the query in batch mode.

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 2
The Cisco Security MARS appliance supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. Secure FTP
E. SSH

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 3
What is a benefit of using the dollar variable (as in $TARGET01) when creating queries in Cisco Security MARS?
A. The dollar variable enables multiple queries to reference the same common 5-tuple information using a variable.
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C. The dollar variable allows matching of any unknown reporting device.
D. The dollar variable allows matching of any event type groups.
E. The dollar variable enables the same query to be applied to different reports.
F. The dollar variable enables the same query to be applied to different cases.

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 4
A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?
A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
B. use the Cisco Security MARS CLI to add a static route
C. use the Cisco Security MARS GUI to configure multiple default gateways
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 5
What are three ways to add devices to the Cisco Security MARS appliance? (Choose three.)
A. import the devices from CiscoWorks
B. import the devices from Cisco Security Manager
C. load the devices from seed files
D. use SNMP auto discovery
E. use CDP to automatically discover the neighboring devices
F. manually add the devices, one at a time

Correct Answer: CDF Section: (none) Explanation
Explanation/Reference:
QUESTION 6
Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 7
Drop A. Interface Setting

B. Access IP
C. Reporting IP
D. Access Type

Correct Answer: ABCD Section: (none) Explanation
Explanation/Reference:
QUESTION 8
Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Correct Answer: ADF Section: (none) Explanation

Explanation/Reference:
QUESTION 9
Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. Distributed Threat Mitigation
B. Short Message Service
C. SNMP trap
D. XML notification
E. syslog
F. OPSEC-LEA (clear and encrypted)

Correct Answer: BD Section: (none) Explanation
Explanation/Reference:
QUESTION 10
To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?
A. pnLog agent
B. Cisco Security MARS agent
C. SNARE
D. None. Cisco Security MARS is an agentless device.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 11
What three data points are used to correlate reports in the Cisco Security MARS? (Choose three.)
A. Maximum Rank Returned
B. Query Criteria
C. View Type
D. Order/Rank By
E. Incident Type
F. Period of Time

Correct Answer: BCF Section: (none) Explanation
Explanation/Reference:
QUESTION 12
Refer to the exhibit.
The Service variables defined are used for what purpose?

A. for Event Groups creation
B. for Query/Reports and Rules creation
C. for IP Management Groups creation
D. for NetFlow Events Management
E. for Data Reduction

Correct Answer: AB Section: (none) Explanation
Explanation/Reference:
QUESTION 13
Refer to the Cisco Security MARS Event Management partial screen shown above. Which two statements are correct? (Choose two) A. Event ID 1104001 is a low-severity event.

B. Event ID 1104001 is triggered if ALL of the syslog messages under the Device Event ID column are received by the Cisco Security MARS within a predefined time frame.
C. Event ID 1104001 belongs in an event group that includes generic informational events from firewalls.
D. PIX and FWSM syslog messages (104001) are normalized into a single event (Event ID 1104001).
E. Info/Misc/FW is a user-defined rule that normalizes events into a single event.

Correct Answer: CD Section: (none) Explanation
Explanation/Reference:
QUESTION 14
When adding a device to the Cisco Security MARS appliance, what is the reporting IP address of the device?
A. the source IP address that sends syslog information to the Cisco Security MARS appliance
B. the IP address that Cisco Security MARS uses to access the device via SNMP
C. the IP address that Cisco Security MARS uses to access the device via Telnet or SSH
D. the pre-NAT IP address of the device

Correct Answer: A Section: (none) Explanation
Explanation/Reference:
QUESTION 15
Which statement is true about the case management feature of Cisco Security MARS?
A. Cases are created on a global controller, but they can be viewed and modified on a local controller.
B. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.

Correct Answer: C Section: (none) Explanation Explanation/Reference:
QUESTION 16
What is a zone?
A. A zone represents all the local controllers each global controller is monitoring.
B. A zone is a logical partition within a local controller. Configuring zones allows the local controller to scale to cover large networks.
C. A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone.
D. Each zone within the global controller is configured and managed independently.
E. Each zone within the local controller is configured and managed independently.

Correct Answer: C Section: (none) Explanation
Explanation/Reference:
QUESTION 17
What protocol does Juniper NetScreen IDP use to exchange IPS events with the Cisco Security MARS?
A. SDEE
B. SNMP
C. RDEP
D. syslog

Correct Answer: D Section: (none) Explanation
Explanation/Reference:
QUESTION 18
In what two ways can the Cisco Security MARS present the incident data to the user graphically from the Summary Dashboard? (Select two)
A. event type group matrix
B. incident firing information
C. path information
D. compromised topology information
E. incident vector information
F. system-confirmed true positive information

Correct Answer: CE Section: (none) Explanation
Explanation/Reference:
QUESTION 19
Which attack can be detected by Cisco Security MARS using NetFlow data?
A. man-in-the middle attack
B. day-zero attack
C. spoof attack
D. Land attack
E. buffer overflow attack

Correct Answer: B Section: (none) Explanation
Explanation/Reference:
QUESTION 20
Which two of the following statements are TRUE when you configure the pnreset command on the Cisco Security MARS? (Choose two.)
A. erases the license file
B. sends Cisco IOS data from the Cisco Security MARS database to a network file server
C. enables you to view the status of the Cisco Security MARS processes and how long the processes have been active
D. sets the debug level that is reported in the logs
E. lets you add or delete disks in the Cisco Security MARS devices that support RAID configurations without powering down the devices
F. clears, sets, and initializes database structures

Correct Answer: AF Section: (none) Explanation
Explanation/Reference:

Cisco 642-544 Questions & Answers with explanations is all what you surely want to have before taking Cisco 642-544 exam.Cisco 642-544  Interactive Testing Engine is ready to help you to get your Cisco 642-544  by saving your time by preparing you quickly for the Cisco exam. If you are worried about getting your Cisco 642-544  certification passed and are in search of some best and useful material,Cisco 642-544  Q&A will surely serve you to enhance your Interconnecting Cisco Networking Devices Part 1 stydy.