Cisco 642-545 Exam - ActualPaper.com Free 642-545 Sample Questions:
1. Which three options are true with regard to the Cisco Security MARS global and local controller architecture? (Choose three.)
A. All local controller events are propagated to the global controller for correlation.
B. One global controller can support multiple local controllers.
C. Each zone can have one local controller.
D. Incidents can be viewed on the global controller based on a selected local controller.
Answer: B, C, D
2. Which two alert actions can notify a user that a Cisco Security MARS rule has fired, and that an incident has been logged? (Choose two.)
A. syslog
B. Short Message Service
C. OPSEC-LEA (clear and encrypted)
D. XML notification
Answer: B, D
3. Which option is correct about the case management feature of Cisco Security MARS?
A. It is used in conjunction with the Cisco Security MARS incident escalation feature for incident reporting.
B. It is used to capture, combine, and preserve user-selected Cisco Security MARS data within a specialized report.
C. It is used to automatically collect and save information on incidents, sessions, queries, and reports dynamically without user intervention.
D. It is used to very quickly evaluate the state of the network.
Answer: B
4. Which two statements accurately describe the Cisco Security MARS rules? (Choose two.)
A. Drop rules are treated as global rules, so they automatically propagate to the Cisco Security MARS global controller.
B. Predefined system rules are treated as global rules. When an incident is fired by a system rule on the Cisco Security MARS local controller, the system rule propagates to the Cisco Security MARS global controller.
C. It is not possible to edit the global rules created on the Cisco Security MARS global controller from the Cisco Security MARS local controller.
D. Rules can be created on both the Cisco Security MARS global controller and the Cisco Security MARS local controllers. Rules on the Cisco Security MARS global controller will propagate down to the Cisco Security MARS local controllers.
Answer: B, D
5. The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Which three items are correct with regard to Cisco Security MARS rules? (Choose three.)
A. There are three types of rules.
B. Rules can be deleted.
C. Rules can be created using a query.
D. Rules trigger incidents.
Answer: A, C, D
6. According to the exhibit displayed in the screen, the Local Controller-Global Controller state is active but the communications do not appear to work. Which is the most likely cause of this situation?

A. The Local Controller and Global Controller port 80 traffic is being blocked by a firewall.
B. This issue results from a time synchronization mismatch.
C. You forgot to click Activate for Global Controller-based topological changes to be pushed to the Local Controller.
D. This issue results from a backlog of data that is caused by a temporary disconnect of the Local Controller and Global Controller.
Answer: D
7. Study the exhibit carefully. Which icon can be chosen to generate the access rules information displayed toward the bottom of the screen?

A. Incident Vector icon
B. Security Manager Policy Table Lookup icon
C. ISR Device Manager Policy icon
D. Raw Events icon
Answer: B
8. Which additional steps should you take after manually adding the BR-FW-1 device shown in the MARS GUI screen?

A. Click "Submit" to enable the device.
B. Click "Submit" to test access to the device. When access is successful, click "Activate" to activate the device.
C. Click "Activate" to activate the device, then click "Submit" to save the device configuration.
D. Click "Discover" to initiate manual discovery. When discovery is completed, click "Submit", then "Activate."
Answer: D
9. Which three items about the Query displayed on the MARS GUI screen are correct? (Choose three.)

A. Query will match any source IP address.
B. Query will only match a destination IP address of 10.1.1.1 OR 10.1.1.25.
C. Query will only match a destination IP address range from 10.1.1.1 to 10.1.1.25.
D. Query will only match any services using the TCP-highPort OR UDP-highPort services groups.
Answer: A, C, D
10. Which three reporting devices could be added to the MARS appliance by use of "Add SW security apps on new host"? (Choose three.)

A. Cisco ACS
B. FWSM
C. SNORT
D. generic web server
Answer: A, C, D