Cisco 642-544 PDF, Free Download Real Cisco 642-544 Exam With 100% Pass Rate

Passed Cisco 642-544 yesterday on first attempt only using the Exampass premium vce and one corrected answers. Thanks a lot for your valuable update regarding premium dump. It will definitely help me for preparing for the exam before to write.

QUESTION 32
What protocol does Juniper Netscreen IDP use to exchange IPS events with the Cisco Security MARS?
A. Syslog
B. RDEP
C. SDEE
D. SNMP

Correct Answer: A
Explanation: “Supported and Interoperable Devices …..MARS”

QUESTION 33
Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. Rules can be defined using a seed file
B. There are three types of rules
C. Rules can be created using a query
D. Rules can be deleted
E. Rules can be saved as reports
F. Rules trigger incidents

Correct Answer: BCF

QUESTION 34
DRAG DROP You work as a network administrator at Certkiller.com. Your boss, Mrs. Certkiller, is interested in Cisco MARS. Match the terms with the appropriate definitions.

A.
B.
C.
D.

Correct Answer:

QUESTION 35
Which two are required to enable Cisco Security MARS Level 3 operations? (Choose two.)
A. NetFlow
B. Cisco Security Manager
C. SNMP Community String
D. Vulnerability Scanning
E. Administrative Access to the device
F. Global Controller

Correct Answer: CE

QUESTION 36
To configure a Microsoft Windows IIS Server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS Server?
A. SNARE
B. pnLog Agent
C. None, Cisco Security MARS is an agentless device
D. Cisco Security MARS agent

Correct Answer: A
Explanation: Source: page 281 of the 4.2.x User Guide. You can add computers running Microsoft Windows to MARS as reporting devices. The Microsoft Windows computer needs to run InterSect Alliance SNARE for IIS, from which MARS receives web log data.

QUESTION 37
What is a zone?
A. Each zone within the global controller is configured and managed independently
B. A Zone represents all the local controllers each global controller is monitoring
C. Each zone within the local controller is configured and managed independently
D. A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone
E. A Zone is a logical partition within a local controller. Configuration zones allow the local controller to scale to cover large networks

Correct Answer: D

QUESTION 38
Cisco Security MARS uses NetFlow data to perform which function?
A. Events normalization
B. Topology-aware sessionizations to combine multiple events into end-to-end sessions
C. False-positive analysis
D. Data reductions
E. Correlation across NAT boundary
F. Traffic profiling and statistical anomaly detection

Correct Answer: F

QUESTION 39
A Cisco Security MARS appliance can’t access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue. Which additional Cisco Security MARS configuration will be required to correct this issue?
A. Use the Cisco Security MARS GUI to configure multiple default gateways
B. Use the Cisco Security MARS GUI or CLI to configure multiple default gateways
C. Use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
D. Use the Cisco Security MARS CLI to add a static route

Correct Answer: D

QUESTION 40
When restoring archived data to a Cisco Security MARS appliance, what is the best practice to follow?
A. To avoid problems, restore only to an identical or higher-end Cisco Security MARS appliance
B. Use Secure FTP to protect the data transfer
C. Choose Admin > System Maintenance > Data archiving on the Cisco Security MARS GUI to perform the restore operations inline
D. Use HTTPS to protect the data transfer
E. Use “Mode 5” restore from the Cisco Security MARS CLI to provide enhanced security during the data transfer

Correct Answer: A
Explanation: Source: Install and Upgrade Guide for Cisco MARS, page 150. To restore to a secondary appliance, you must restore to an appliance of the same model or higher. For example, you can restore an image from a MARS 20 to a MARS 20, MARS 50, MARS 100, or MARS 100e; however, you cannot restore a MARS 50 to a MARS 20.

QUESTION 41
How does the Cisco Security MARS Appliance perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
A. Uses a NAT detection protocol to correlate the pre- and post-NAT and PAT addresses
B. Uses NAT-T detection
C. Analyze the syslog messages that are received from the firewall devices in the network
D. Uses the NetFlow data
E. Use predefined Cisco Security MARS system NAT rules to correlate events across NAT and PAT boundaries
F. Queries the PAT and NAT translation table through topological awareness and device configuration

Correct Answer: F

QUESTION 42
Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. Rules can be deleted
B. Rules can be created using a query
C. Rules can be defined using a seed file
D. Rules can be saved as reports
E. There are three types of rules
F. Rules trigger incidents

Correct Answer:

QUESTION 43
Which two of the following statements are correct regarding the Cisco Security MARS rules? (Choose two.)
A. Drop rules are treated as global rules so it will automatically propagate to the Cisco Security MARS global controller
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller
C. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers
D. User-defined rules are treated as global rules. When an incident is fired by a user-defined rule on the Cisco Security MARS local controller, the rule propagates to the Cisco Security MARS global controller

Correct Answer: BC
Explanation: Source – User Guide 4.2.x, “Types of Rules”

Note: A rule cannot be deleted; it can be made active or inactive.

Inspection Rules
An inspection rule states the logic by which the CS-MARS tests whether or not a single network event or series of events is a noteworthy incident. An event or series of events with attributes that match the attributes specified in an inspection rule causes the rule to trigger (or “fire”) to create an incident. Incidents may be attacks, network configuration errors, false positives, or just anomalous network activity. The over 100 inspection rules that ship with MARS are called System Inspection Rules. The number and structure of system rules are updated in signature upgrades and with more recent software releases. Both types of upgrades are performed from the Admin > System Maintenance > Upgrade page. You can create custom inspection rules by editing or duplicating system inspection rules, by adding your own from the Inspection Rules page, or by using the Query interface. Customized inspection rules are called User Inspection Rules and are displayed on the Inspection Rules page. Inspection rules can be created on both the Global Controller and the Local Controllers.

Global User Inspection Rules
Global Inspection Rules are inspection rules you create on a Global Controller then push to the Local Controller. From the Local Controller, you can edit only the Source IP Address, Destination IP Address, and Action fields of a Global Inspection Rule. To change the arguments of the other fields, you must edit the rule on the Global Controller. When you edit a global inspection rule on the Local Controller then edit it again on the Global Controller, the Global Controller version overwrites the Local Controller version. Global Inspection rule names are displayed with the prefix “Global Rule.”

Drop Rules
Drop rules allow false positive tuning on a MARS, and are defined only on the Local Controller Drop Rules page. They allow you to refine the inspected event stream by specifying events and streams to be ignored and whether those data should be stored in the database or discarded entirely. Drop rules are applied to events as they come in from a reporting device, after they have been parsed and before they have been sessionized. Events that match active drop rules are not used to construct incidents. Because the Global Controller does not receive events from reporting devices, rather it receives them from Local Controllers, you cannot define drop rules for the Global Controller.

QUESTION 44
To configure a Microsoft Windows IIS Server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS Server?
A. None, Cisco Security MARS is an agentless device
B. pnLog Agent
C. SNARE
D. Cisco Security MARS agent

Correct Answer: C
Explanation: Source: page 281 of the 4.2.x User Guide. You can add computers running Microsoft Windows to MARS as reporting devices. The Microsoft Windows computer needs to run InterSect Alliance SNARE for IIS, from which MARS receives web log data.

QUESTION 45
Which two of the following statements are TRUE when you configure the pnreset command on the Cisco Security MARS? (Choose two.)
A. Enables you to view the status of the Cisco Security MARS processes and how long the processes have been active
B. Clears, sets and initializes database structures
C. Lets you add or delete disks in the Cisco Security MARS devices that support RAID configuration without powering down the devices
D. Sends Cisco IOS data from the Cisco Security MARS database to a network file server
E. Sets the debug level that is reported in the logs
F. Erases the license file

Correct Answer: BF
Explanation: Source: page 184 of the Install and Setup Guide for Cisco MARS. The pnreset command restores the appliance to factory settings by deleting system configuration and event data stored in the appliance database. Before executing the pnreset command without an option, write down the license key of the appliance. The license key is cleared during the reset process. You must provide this license key during the initial configuration following a reset operation, and it is not restored as part of archived data. This caution does not apply to pnreset when used with one of the options.

QUESTION 46
What is the benefit of using the dollar variable (as in $TARGET01) when creating queries in Cisco Security MARS?
A. The dollar variable enables multiple queries to reference the same common 5-tuple information using a variable
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host
C. The dollar variable enables the same query to be applied to different cases
D. The dollar variable allows matching of any event type groups
E. The dollar variable enables the same query to be applied to different reports
F. The dollar variable allows matching of any unknown reporting device

Correct Answer: B
