Free Cheat-test Samples and Demo Questions Download
Adobe exams Adobe
Apple exams Apple
Avaya exams Avaya
Check Point exams Check Point
Cisco exams Cisco
Citrix exams Citrix
CIW exams CIW
CompTIA exams CompTIA
EC-Council exams EC-Council
EMC exams EMC
Exin exams Exin
Fortinet exams Fortinet
Hitachi exams Hitachi
HP exams HP
IBM exams IBM
Isaca exams Isaca
ISC exams ISC
Juniper exams Juniper
LPI exams LPI
McAfee exams McAfee
Microsoft exams Microsoft
Oracle exams Oracle
PMI exams PMI
Riverbed exams Riverbed
SNIA exams SAP
Sun exams SAS
Symantec exams Symantec
VMware exams VMware
All certification exams

Cisco 642-544 Exam -

Free 642-544 Sample Questions:

Q: 1 To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS, which log agent is installed and configured on the Microsoft Windows IIS server?
A. pnLog agent
B. Cisco Security MARS agent
D. None. Cisco Security MARS is an agentless device.
Answer: C

Q: 2 What protocol does Juniper NetScreen IDP use to exchange IPS events with the Cisco Security MARS?
D. syslog
Answer: D

Q: 3 At what level of operation does the Cisco Security MARS appliance perform NAT and PAT resolution?
A. Local (Level 0)
B. Basic (Level 1)
C. Intermediate (Level 2)
D. Advanced (Level 3)
E. Global (Level 4)
Answer: C

Q: 4 A Cisco Security MARS appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?
A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
B. use the Cisco Security MARS CLI to add a static route
C. use the Cisco Security MARS GUI to configure multiple default gateways
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways
Answer: B

Q: 5 Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page
Answer: B

Q: 6 Which three of the following statements are correct regarding the Query shown on the MARS GUI screen?(Choose three.)
A. Query will match any source IP address.
B. Query will only match a source IP address of
C. Query will only match a destination IP address range from to
D. Query will only match a destination IP address of OR
E. Query will only not match any services since both TCP-highPort and UDP-highPort service groups are specified in the Service field.
F. Query will only match any services using the TCP-highPort OR UDP-highPort service groups.
Answer: A, C, F

Q: 7 Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Answer: A, D, F

Q: 8 Which two are required to enable Cisco Security MARS Level 3 operations? (Choose two.)
A. global controller
B. vulnerability scanning
C. NetFlow
D. SNMP community string
E. administrative access to the device
F. Cisco Security Manager
Answer: D, E

Q: 9 What is a zone?
A. A zone represents all the local controllers each global controller is monitoring.
B. A zone is a logical partition within a local controller. Configuring zones allows the local controller to scale to cover large networks.
C. A zone is an area of a customer network related to one local controller. Each local controller represents a specific zone.
D. Each zone within the global controller is configured and managed independently.
E. Each zone within the local controller is configured and managed independently.
Answer: C

Q: 10 In what two ways can the Cisco Security MARS present the incident data to the user graphically from the Summary Dashboard? (Select two)
A. event type group matrix
B. incident firing information
C. path information
D. compromised topology information
E. incident vector information
F. system-confirmed true positive information
Answer: C, E

Q: 11 Which two of the following statements are TRUE when you configure the pnreset command on the Cisco Security MARS? (Choose two.)
A. erases the license file
B. sends Cisco IOS data from the Cisco Security MARS database to a network file server
C. enables you to view the status of the Cisco Security MARS processes and how long the processes have been active
D. sets the debug level that is reported in the logs
E. lets you add or delete disks in the Cisco Security MARS devices that support RAID configurations without powering down the devices
F. clears, sets, and initializes database structures
Answer: A, F

Q: 12 Which three statements are correct about the Cisco Security MARS global and local controller architecture? (Choose three.)
A. The global controller can correlate events from different local controllers into a common session.
B. One global controller can support multiple local controllers.
C. Each zone can have one local controller.
D. All local controllers events are propagated to the global controller for correlations.
E. The global controller and the local controllers can be running different Cisco Security MARS OS versions.
F. Incidents can be viewed on the global controller based on a selected local controller.
Answer: B, C, F

© 2014, All Rights Reserved