Cisco 642-544 Study Guide, High Quality Cisco 642-544 Certificate Will Be More Popular


QUESTION 31
Which statement best describes the case management feature of Cisco Security MARS?
A. It is used to automatically collect and save information on incidents, sessions, queries, and reports dynamically without user interventions.
B. It is used to capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report.
C. It is used to very quickly evaluate the state of the network.
D. It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting.

Correct Answer: D

QUESTION 32
How does the Cisco Security MARS appliance perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
A. uses the NetFlow data
B. queries the PAT and NAT translation table through topological awareness and device configuration
C. analyzes the syslog messages that are received from the firewall devices in the network
D. uses a NAT detection protocol to correlate the pre- and post-NAT and PAT addresses
E. uses predefined Cisco Security MARS system NAT rules to correlate events across NAT and PAT boundaries
F. uses NAT-T detection

Correct Answer: B

QUESTION 33
Which one of the following statements is correct regarding the Cisco Security MARS maintenance procedure?
A. Cisco Security MARS audit logs can be exported to a centralized server for the consolidation and protection of the log data.
B. If the archive is generated with one release of software, then the restore has to be done with the same version of software.
C. No new events can be logged when the Cisco Security MARS local database reaches its maximum storage capacity.
D. Cisco Security MARS disk drives are not hot-swappable.

Correct Answer: B

QUESTION 34
When restoring archived data to a Cisco Security MARS appliance, what is the best practice to follow?
A. Use HTTPS to protect the data transfer.
B. Use Secure FTP to protect the data transfer.
C. Use “mode 5” restore from the Cisco Security MARS CLI to provide enhanced security during the data transfer.
D. Choose Admin > System Maintenance > Data Archiving on the Cisco Security MARS GUI to perform the restore operations on line.
E. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance.

Correct Answer: B

QUESTION 35
Which one of the following incident types is pushed from a local controller to a global controller?
A. incidents on the local controller triggered by predefined system rules
B. incidents on the local controller triggered by local rules
C. true positive incidents on the local controller
D. any incidents on the local controller
E. incidents on the local controller that are manually selected for escalation to the global controller

Correct Answer: E

QUESTION 36
LAB

A.
B.
C.
D.

Correct Answer:

QUESTION 37
What is a supported mitigation feature on the Cisco Security MARS appliance?
A. generating and pushing configuration commands to Layer 3 devices
B. generating and pushing configuration commands to Layer 2 devices
C. automatically dropping all suspected traffic at the nearest IPS appliance
D. storing and identifying NetFlow data for attack mitigation

Correct Answer: CCCDADBC

QUESTION 38
What are three benefits in deploying Cisco Security MARS appliances using the global and local controller architecture? (Choose three.)
A. A global controller can provide a summary of all local controllers' information (network topologies, incidents, queries, and report results).
B. A global controller can provide a central point for creating rules and queries, which are applied simultaneously to multiple local controllers.
C. The architecture provides redundancy in case one of the Cisco Security MARS local controllers fails within a zone.
D. Users can seamlessly navigate to any local controller from the global controller GUI.
E. A global controller can correlate events from multiple local controllers to perform global sessionizations.
F. Rules that apply to multiple local controllers cannot be created on the global controller and pushed down to them from a central location.

Correct Answer: B

QUESTION 39
What are the two options for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. archive to NFS only
B. save as a false-positive report
C. drop
D. mitigate at Layer 2
E. log to the database only
F. escalate to the Cisco Security MARS administrator

Correct Answer: ABD

QUESTION 40
Which three statements are correct about the Cisco Security MARS global and local controller architecture? (Choose three.)
A. The global controller can correlate events from different local controllers into a common session.
B. One global controller can support multiple local controllers.
C. Each zone can have one local controller.
D. All local controllers' events are propagated to the global controller for correlation.
E. The global controller and the local controllers can be running different Cisco Security MARS OS versions.
F. Incidents can be viewed on the global controller based on a selected local controller.

Correct Answer: CE

QUESTION 41
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two)
A. User-defined rules are treated as global rules. When an incident is fired by a user-defined rule on the Cisco Security MARS local controller, the rule propagates to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. Drop rules are treated as global rules, so they automatically propagate to the Cisco Security MARS global controller.
D. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
E. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.

Correct Answer: BC

QUESTION 42
LAB

A.
B.
C.
D.

Correct Answer:

QUESTION 43
Cisco Security MARS uses NetFlow data to perform which function?
A. traffic profiling and statistical anomaly detection
B. correlation across NAT boundary
C. data reductions
D. events normalization
E. false-positive analysis
F. topology-aware sessionizations to combine multiple events into end-to-end sessions

Correct Answer: CECCEEEEDADFEBECEE

QUESTION 44
Which two are required to enable Cisco Security MARS Level 3 operations? (Choose two.)
A. global controller
B. vulnerability scanning
C. NetFlow
D. SNMP community string
E. administrative access to the device
F. Cisco Security Manager

Correct Answer: A

QUESTION 45
What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
A. Cisco Security MARS Global Controller
B. Cisco Security Manager
C. NetFlow
D. Cisco Security MARS Custom Parser

Correct Answer: D

QUESTION 46
LAB

A.
B.
C.
D.

Correct Answer:

QUESTION 47
Drop

A.
B.
C.
D.

Correct Answer:

QUESTION 48
Which two steps are required to represent a Check Point device in the Cisco Security MARS? (Select two)
A. Define Security Contexts.
B. Define Primary Management Station.
C. Define Secure Internal Communicator (SIC).
D. Define Check Point OPSEC.
E. Define Child Enforcement Module(s).
F. Define Parent Enforcement Module.

Correct Answer: E
