[ Free Actualtest Braindumps- IT certification training&Study Guide,Guarantee to PASS! ]
» PassGuide.com-Provides Actualtest Questions And Answers,Successful for IT Certification or Full Refund for you Thu 18 Mar 2010 - 06:13:29 *
Actualtests CCSP 642-544

Implementing Cisco Security Monitoring, Analysis and Response System : 642-544 Exam
642-544 MARS
Implementing Cisco Security Monitoring, Analysis and Response System

Exam Number: 642-544
Associated Certifications: Implementing Cisco Security Monitoring, Analysis and Response System
Duration: 60 minutes (40-50 Questions)
Available Languages: English
Click Here to Register: Pearson VUE
Exam Policies: Read current policies and requirements
Exam Tutorial: Review type of exam questions

Exam Description
The 642-544 MARS Implementing Cisco Security Monitoring, Analysis and Response System exam is associated with the Cisco Certified Security Professional certification. Candidates can prepare for this exam by taking the Implementing Cisco Security Monitoring, Analysis and Response System course. This exam tests a candidate’s knowledge of the Cisco Security Monitoring, Analysis and Response System.

Exam Topics
The following topics are general guidelines for the content likely to be included on the Remote Access exam. However, other related topics may also appear on any specific delivery of the exam. In order to better reflect the contents of the exam and for clarity purposes, the guidelines below may change at any time without notice.

Install and configure the Cisco Security MARS product
Identify the components, features and functions of the Cisco Security MARS product
Describe the process of installing the Cisco Security MARS appliance
Add Cisco reporting devices into the Cisco Security MARS appliance
Add non-Cisco reporting devices into the Cisco Security MARS appliance
Investigate events that the Cisco Security MARS appliance collects from configured security devices
Configure the Cisco Security MARS appliance to send alerts
Create and view a long-duration query on the Cisco Security MARS appliance
Configure rules to detect interesting patterns of network activity and other anomalous network behavior
Use the management features in the Cisco Security MARS appliance to assign event, addressing, service, and user information
Configure the Cisco Security MARS appliance hardware maintenance activities
Utilize the Global Controller to manage multiple Cisco Security MARS appliances

Exam Number/Code: 642-544
Exam Name: Implementing Cisco Security Monitoring, Analysis and Response System

“Implementing Cisco Security Monitoring, Analysis and Response System”, also known as the 642-544 exam, is a Cisco certification. Actualtests has assembled a complete collection of 49 Q&As to take you through your 642-544 exam preparation. The 642-544 exam resources cover every field and category in Others, helping to ready you for your Cisco certification.
Free Demo Download: Actualtests offers a free demo for the 642-544 exam (Implementing Cisco Security Monitoring, Analysis and Response System). You can check out the interface, question quality and usability of our practice exams before you decide to buy.

Free Sample: PassGuide IT certification printable PDF or software download. Actualtest offers free demos for IT certification exams. You can check out the interface, question quality and usability of our IT simulation exams before you decide to buy. We are the only site that can offer a demo for almost all products: http://demo.passguide.com/download

QUESTION 11
Which attack can be detected by Cisco Security MARS using NetFlow data?
A. Man-in-the-Middle attack
B. Day-zero attack
C. Buffer overflow attack
D. Land Attack
E. Spoof attack
Answer: B
Explanation:
Page 81 of the 4.2.x User Guide
How MARS Uses NetFlow Data
When MARS is configured to work with NetFlow, you can take advantage of NetFlow’s anomaly detection using statistical profiling, which can pinpoint day zero attacks like worm outbreaks. MARS uses NetFlow data to accomplish the following:
  • Profile the network usage to determine a usage baseline
  • Detect statistically significant anomalous behavior in comparison to the baseline
  • Correlate anomalous behavior to attacks and other events reported by network IDS/IPS systems
After being inserted into a network, MARS studies the network usage for a full week, including the weekend, to determine the usage baseline. Once the baseline is determined, MARS switches to detection mode where it looks for statistically significant behavior, such as the current value exceeds the mean by 2 to 3 times the standard deviation.
642-544
Actualtests.com – The Power of Knowing
QUESTION 12
In what two ways can the Cisco Security MARS present the incident data to the user
graphically from the Summary Dashboard? (Choose two.)
A. Incident firing information
B. System-confirmed true positive information
C. Event Type group matrix
D. Incident vector information
E. Path information
F. Compromised topology information
Answer: D, E
Explanation:
Now you can begin your visual analysis. CS-MARS can present the incident data to you
graphically from the Summary Dashboard in two ways. By clicking the respective icons
within the Path column, you can visualize the data through two perspectives:
Path information
Incident vector information
QUESTION 13
Which attack can be detected by Cisco Security MARS using NetFlow data?
A. Day-zero attack
B. Land Attack
C. Buffer overflow attack
D. Spoof attack
E. Man-in-the-Middle attack
Answer: A
Explanation:
How MARS Uses NetFlow Data
When MARS is configured to work with NetFlow, you can take advantage of NetFlow’s anomaly detection using statistical profiling, which can pinpoint day zero attacks like worm outbreaks. MARS uses NetFlow data to accomplish the following:
  • Profile the network usage to determine a usage baseline
  • Detect statistically significant anomalous behavior in comparison to the baseline
  • Correlate anomalous behavior to attacks and other events reported by network IDS/IPS systems
After being inserted into a network, MARS studies the network usage for a full week, including the weekend, to determine the usage baseline. Once the baseline is determined, MARS switches to detection mode where it looks for statistically significant behavior, such as the current value exceeds the mean by 2 to 3 times the standard deviation.
QUESTION 14
Which two of the following statements are TRUE when you configure the pnreset
command on the Cisco Security MARS? (Choose two.)
A. Clears, sets and initializes database structures
B. Sets the debug level that is reported in the logs
C. Erases the license file
D. Enables you to view the status of the Cisco Security MARS processes and how long
the processes have been active
E. Sends Cisco IOS data from the Cisco Security MARS database to a network file server
F. Lets you add or delete disks in the Cisco Security MARS devices that support RAID
configuration without powering down the devices
Answer: A, C
Explanation:
CiscoPress.
The pnreset command resets the CS-MARS device to factory defaults. This includes
erasing the license file. You must write down the license file before doing a reset because
when you reconfigure the device, the license key is required. When pnreset is completed,
the database structures are cleared, set, and initialized.
QUESTION 15
Which one of the following incident types is pushed from a local controller to a global
controller?
A. Any incidents on the local controller
B. Incidents on the local controller triggered by predefined system rules
C. Incidents on the local controller triggered by local rules
D. True positive incidents on the local controller
E. Incidents on the local controller that are manually selected for escalation to the global
controller
Answer: B
Explanation: The LC only pushes up incidents coming from Global Rules (System-defined Rules are included) to the GC.
QUESTION 16
What enables the Cisco Security MARS appliance to profile network usage and detect
statistically significant anomalous behavior from a computed baseline?
A. Cisco Security MARS Global Controller
B. NetFlow
C. Cisco Security Manager
D. Cisco Security MARS custom Parser
Answer: B
Explanation:
Source: Page 81 of the 4.2.x User Guide
How MARS Uses NetFlow Data
When MARS is configured to work with NetFlow, you can take advantage of NetFlow’s anomaly detection using statistical profiling, which can pinpoint day zero attacks like worm outbreaks. MARS uses NetFlow data to accomplish the following:
  • Profile the network usage to determine a usage baseline
  • Detect statistically significant anomalous behavior in comparison to the baseline
  • Correlate anomalous behavior to attacks and other events reported by network IDS/IPS systems
After being inserted into a network, MARS studies the network usage for a full week, including the weekend, to determine the usage baseline. Once the baseline is determined, MARS switches to detection mode where it looks for statistically significant behavior, such as the current value exceeds the mean by 2 to 3 times the standard deviation.
QUESTION 17
You work as a network administrator at Certkiller.com. Your boss, Mrs. Certkiller, is
interested in Cisco definitions. Match the terms with the appropriate definitions.
Answer:
QUESTION 18
The Cisco Security MARS appliance supports which protocol for data archiving and
restoring?
A. NFS
B. Secure TP
C. TFTP
D. SSH
E. FTP
Answer: A
QUESTION 19
What three data points are used to correlate reports in the Cisco Security MARS?
(Choose three.)
A. Query Criterion
B. Maximum Rank Returned
C. View Type
D. Period of Time
E. Order/Rank By
F. Incident Type
Answer: A, C, D

Download Free Latest Actualtests Certification Braindumps

  1. Free Actualtest Actualtests CCSP 642-533
  2. Free Actualtest Actualtests 642-565
  3. Free Actualtest Actualtests CCSP 642-532
  4. Free Actualtest Actualtests CCSP 642-542
  5. Free Actualtest Actualtests CCSP 642-513
  6. Free Actualtest Actualtests CCSP 642-541
  7. Free Actualtest Actualtests CCSP 642-591
  8. Free Actualtest Actualtests CCSP 642-515
  9. Free Actualtest Actualtests CCSP 642-524
  10. Free Actualtest Actualtest cisco ccsp mars 642-545


By [ Download Free Actualtests Dumps ] On [ October 6th, 2008 - 10:46 pm ] in [ Cisco ] -

Any charges made through this site will appear as Pass Guide Certification LTD. PassGuide Materials do not contain actual questions and answers from Microsoft's Certification Exams