kaoccna 的优势

642-545 试题的质量和价值
mcsepass 模拟测试题具有最高的专业技术含量，只供具有相关专业知识的专家和学者学习和研究之用。
100% 保证您通过 642-545 的考试
如果你使用 mcsepass 模拟测试，我们将保证你的第一次参加考试即取得成功，否则，我们将全额退款！
试用后再购买
mcsepass 提供每种产品免费测试。在您决定购买之前，请检测联接，可能存在的问题及试题质量和适用性。
kaoccna认证考试题库网专业提供 Cisco 642-545 最新题库下载，完全覆盖 mcsepass 考试原题。

部分考题展示

　
　
Exam : Cisco 642-545
Title : Implementing Cisco Security Monitoring, Analysis and Response System


1. At what level of operation does the Cisco Security MARS appliance perform NAT and PAT resolution?
A. Local (Level 0)
B. Basic (Level 1)
C. Intermediate (Level 2)
D. Advanced (Level 3)
E. Global (Level 4)
Answer: C

2. Which two configuration options enable the Cisco Security MARS appliance to perform mitigation? (Choose two.)
A. SNMP RW community string
B. Cisco Security MARS integration with Cisco Security Manager
C. Telnet or SSH access type with SNMP RO community
D. a NetFlow device added in the Cisco Security MARS database
E. SSL communications with the network devices
Answer: AC

3. What is a supported mitigation feature on the Cisco Security MARS appliance?
A. generating and pushing configuration commands to Layer 3 devices
B. generating and pushing configuration commands to Layer 2 devices
C. automatically dropping all suspected traffic at the nearest IPS appliance
D. storing and identifying NetFlow data for attack mitigation
Answer: B

4. Which statement best describes the case management feature of Cisco Security MARS?
A. It is used to automatically collect and save information on incidents, sessions, queries, and reports dynamically without user interventions.
B. It is used to capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report.
C. It is used to very quickly evaluate the state of the network.
D. It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting.
Answer: B

5. Which attack can be detected by Cisco Security MARS using NetFlow data?
A. man-in-the middle attack
B. day-zero attack
C. spoof attack
D. Land attack
E. buffer overflow attack
Answer: B

6. What are the two options for handling false-positive events reported by the Cisco Security MARS appliance? (Choose two.)
A. archive to NFS only
B. save as a false-positive report
C. drop
D. mitigate at Layer 2
E. log to the database only
F. escalate to the Cisco Security MARS administrator
Answer: CE

7. What is used to publish events to Cisco Security MARS about Cisco IPS signatures that have fired?
A. SNMP
B. SSL
C. HTTPS
D. SDEE
E. syslog
F. Secure FTP
Answer: D

8. Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules
C. inactivating the rules
D. inactivating the events
E. deleting the false-positive events from the Incidents page
F. deleting the false-positive events from the Event Management page
Answer: B

9. Which statement is true about the case management feature of Cisco Security MARS?
A. Cases are created on a global controller, but they can be viewed and modified on a local controller.
B. The global controller has a Case bar and all cases are selected from the Query/Reports > Cases page.
C. Cases are created on a local controller, but they can be viewed and modified on a global controller.
D. The Cases page on a local controller has an additional drop-down filter to display cases per a global controller.
Answer: C

10. Which three statements are true about Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Answer: ADF