论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2011-03-01 09:00 |只看该作者 |倒序浏览

最新642-567题库分享1. Regarding MARS Appliance rules, which three statements are correct? (Choose three.)A. There are three types of rules: System Inspection Rules, User Inspection Rules, and Drop Rules.B. Rules can be saved as reports.C. Rules can be deleted.D. Rules trigger incidents.E. Rules can be defined using a seed file.F. Rules can be created using a query.Answer: ADF2. Which action enables the MARS Appliance to ignore false positive events by either dropping the events completely, or by just logging them to the database?A. Creating System Inspection Rules using the Drop operationB. Creating Drop RulesC. Inactivating the RulesD. Inactivating eventsE. Deleting the false positive events from the Incidents > False Positives screenF. Deleting the false positive events from the Management > Event Management screenAnswer: B3. Which of the following is a supported mitigation feature on the MARS Appliance?A. Generating and pushing configuration commands to Layer 3 devicesB. Generating and pushing configuration commands to Layer 2 devicesC. Automatically dropping all suspected traffic at the nearest firewallD. Automatically dropping all suspected traffic at the nearest IPS applianceAnswer: B4. Which browser plug-in is required to view the charts and graphs on the MARS Appliance?A. Macromedia Flash PlayerB. Sun Microsystems JavaC. Microsoft PowerPointD. Adobe SVG ViewerAnswer: D5. A MARS Appliance cannot access certain devices through the default gateway. Troubleshooting has determined that this is a MARS configuration issue. Which additional MARS configuration will be required to correct this issue?A. Use the MARS GUI to enable a dynamic routing protocol.B. Use the MARS GUI to add a static route.C. Use the MARS GUI to configure multiple default gateways.D. Use the MARS CLI to enable a dynamic routing protocol.E. Use the MARS CLI to add a static route.F. Use the MARS CLI to configure multiple default gateways.Answer: E6. When adding a device to the MARS Appliance, what is the reporting IP address of the device?A. the source IP address that sends syslog information to the MARS ApplianceB. the IP address MARS uses to access the device via SNMPC. the IP address MARS uses to access the device via Telnet or SSHD. the pre-NAT IP address of the deviceE. the highest loopback IP address configured on the Cisco reporting deviceAnswer: A7. What enables the MARS Appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?A. MARS Global ControllerB. VMSC. NetflowD. CiscoWorksE. MARS custom parserAnswer: C8. Which is a benefit of using the dollar variable (like $TARGET01) when creating queries in MARS?A. The dollar variable enables multiple queries to reference the same common 5-tuples information using a variable.B. The dollar variable ensures that the probes and attacks that are reported are happening to the same host.C. The dollar variable allows matching of any unknown reporting device.D. The dollar variable allows matching of any event type groups.E. The dollar variable enables the same query to be applied to different reports.Answer: B9. What will happen if you try to run a MARS query that will take a long time to complete?A. After submitting the query, the MARS GUI screen will be locked up until the query completes.B. The query will be automatically saved as a rule.C. The query will be automatically saved as a report.D. You will be prompted to "Submit Batch" to run the query in batch mode.E. You will be prompted to "Submit Inline" to run the query immediately.Answer: D10. The MARS Appliance (running release 3.4.1) supports which protocol for data archiving and restoring?A. NFSB. TFTPC. FTPD. secured FTPAnswer: A

返回列表

Chinaunix › 论坛 › 综合交流区 › IT培训与认证 › 642-567题库下载

642-567题库下载 [复制链接]

浏览过的版块