642-567 Exam

Quality and Value for the 642-567 Exam

Test4pass Practice Exams for Cisco 642-567 are written to the highest standards of technical accuracy, using only certified subject matter experts and published authors for development.

100% Guarantee to Pass Your 642-567 Exam

If you prepare for the exam using our Test4pass testing engine, we guarantee your success in the first attempt. If you do not pass the Others 642-567 exam (ProCurve Secure WAN) on your first attempt we will give you a FULL REFUND of your purchasing fee AND send you another same value product for free.

Cisco 642-567 Downloadable, Printable Exams (in PDF format)

Our Exam 642-567 Preparation Material provides you everything you will need to take your 642-567 Exam. The 642-567 Exam details are researched and produced by Professional Certification Experts who are constantly using industry experience to produce precise, and logical. You may get questions from different web sites or books, but logic is the key. Our Product will help you not only pass in the first try, but also save your valuable time.

642-567 Downloadable, Interactive Testing engines

We are all well aware that a major problem in the IT industry is that there is a lack of quality study materials. Our Exam Preparation Material provides you everything you will need to take a certification examination. Like actual certification exams, our Practice Tests are in multiple-choice (MCQs) Our Cisco 642-567 Exam will provide you with free 642-567 dumps questions with verified answers that reflect the actual exam. These questions and answers provide you with the experience of taking the actual test. High quality and Value for the 642-567 Exam:100% Guarantee to Pass Your Others exam and get your Others Certification.

Hot KeyWords On 642-567 test

We collect some hot keywords about this exam:
Test4pass , Pass 4 Sure , Test in Side ,Pass Guide ,Test King 642-567 exam | 642-567 pdf exam | 642-567 braindumps | 642-567 study guides | 642-567 trainning materials | 642-567 simulations | 642-567 testing engine | 642-567 vce | 642-567 torrent | 642-567 dumps | free download 642-567 | 642-567 practice exam | 642-567 preparation files | 642-567 questions | 642-567 answers.

How to pass your 642-567 exam

You can search on Search Engine and Find Best IT Certification site: Test4pass.com - Find the Method to succeed 642-567 test,The safer.easier way to get Others Certification .

��
��
Exam : Cisco 642-567
Title : Cisco(r) Advanced Security for Field Engineers


1. Which browser plug-in is required to view the charts and graphs on the MARS Appliance?
A. Macromedia Flash Player
B. Sun Microsystems Java
C. Microsoft PowerPoint
D. Adobe SVG Viewer
Answer: D

2. What will happen if you try to run a MARS query that will take a long time to complete?
A. After submitting the query, the MARS GUI screen will be locked up until the query completes.
B. The query will be automatically saved as a rule.
C. The query will be automatically saved as a report.
D. You will be prompted to "Submit Batch" to run the query in batch mode.
E. You will be prompted to "Submit Inline" to run the query immediately.
Answer: D

3. Which of the following is a supported mitigation feature on the MARS Appliance?
A. Generating and pushing configuration commands to Layer 3 devices
B. Generating and pushing configuration commands to Layer 2 devices
C. Automatically dropping all suspected traffic at the nearest firewall
D. Automatically dropping all suspected traffic at the nearest IPS appliance
Answer: B

4. When adding a device to the MARS Appliance, what is the reporting IP address of the device?
A. the source IP address that sends syslog information to the MARS Appliance
B. the IP address MARS uses to access the device via SNMP
C. the IP address MARS uses to access the device via Telnet or SSH
D. the pre-NAT IP address of the device
E. the highest loopback IP address configured on the Cisco reporting device
Answer: A

5. What are three benefits in deploying MARS Appliances using the Global and Local Controllers' architecture? (Choose three.)
A. A Global Controller can provide a summary of all Local Controllers information (network topologies, incidents, queries, and reports result).
B. A Global Controller can provide a central point for creating rules and queries, which are applied to multiple Local Controllers simultaneously.
C. The architecture provides redundancy in case one of the MARS Local Controllers failed within a zone.
D. Users can seamlessly navigate to any Local Controllers from the Global Controller GUI.
E. A Global Controller can correlate events from multiple Local Controllers to perform global sessionizations.
Answer: ABD

6. A MARS Appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a MARS configuration issue. Which additional MARS configuration will be required to correct this issue?
A. Use the MARS GUI to enable a dynamic routing protocol.
B. Use the MARS GUI to add a static route.
C. Use the MARS GUI to configure multiple default gateways.
D. Use the MARS CLI to enable a dynamic routing protocol.
E. Use the MARS CLI to add a static route.
F. Use the MARS CLI to configure multiple default gateways.
Answer: E

7. The MARS Appliance (running release 3.4.1) supports which protocol for data archiving and restoring?
A. NFS
B. TFTP
C. FTP
D. secured FTP
Answer: A

8. Which three statements are correct about the MARS Global Controller? (Choose three.)
A. The Global Controller can correlate events from different Local Controllers into a common session.
B. One Global Controller can support multiple Local Controllers.
C. Each zone can have one Local Controller.
D. All Local Controllers events are propagated to the Global Controller for correlations.
E. The Global Controller and the Local Controllers can be running different MARS OS versions.
F. Based on a selected Local Controller, incidents on the Global Controller can be viewed.
Answer: BCF

9. Which action enables the MARS Appliance to ignore false positive events by either dropping the events completely, or by just logging them to the database?
A. Creating System Inspection Rules using the Drop operation
B. Creating Drop Rules
C. Inactivating the Rules
D. Inactivating events
E. Deleting the false positive events from the Incidents > False Positives screen
F. Deleting the false positive events from the Management > Event Management screen
Answer: B

10. When restoring archived data to a MARS Appliance, which is the best practice to follow?
A. Use HTTPS to protect the data transfer.
B. Use secured FTP to protect the data transfer.
C. Use "mode 5" restore from the MARS CLI to provide enhanced security during the data transfer.
D. Use the Admin > System Maintenance > Data Archiving on the MARS GUI to perform restore operations online.
E. To avoid problems, only restore to a same or higher-end MARS Appliance.
Answer: E

11. Which is a benefit of using the dollar variable (like $TARGET01) when creating queries in MARS?
A. The dollar variable enables multiple queries to reference the same common 5-tuples information using a variable.
B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.
C. The dollar variable allows matching of any unknown reporting device.
D. The dollar variable allows matching of any event type groups.
E. The dollar variable enables the same query to be applied to different reports.
Answer: B

12. What enables the MARS Appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
A. MARS Global Controller
B. VMS
C. Netflow
D. CiscoWorks
E. MARS custom parser
Answer: C

13. Which two of the following are required to enable MARS level 3 operations? (Choose two.)
A. Global Controller
B. vulnerability scanning
C. Netflow
D. SNMP community string
E. username and password to log in to the device
Answer: DE

14. Regarding MARS Appliance rules, which three statements are correct? (Choose three.)
A. There are three types of rules: System Inspection Rules, User Inspection Rules, and Drop Rules.
B. Rules can be saved as reports.
C. Rules can be deleted.
D. Rules trigger incidents.
E. Rules can be defined using a seed file.
F. Rules can be created using a query.
Answer: ADF