1.
The Cisco Security Monitoring, Analysis, and Response System (Cisco Security MARS) is an appliance-based, all-inclusive solution that provides unmatched insight and control of your existing security deployment. Which Cisco Security MARS event information, derived from the reporting device's raw message, is not passed to Cisco Security Manager to perform the Cisco Security Manager policy lookup?
2.
Once data archiving has been enabled on the Cisco Security MARS appliance, when does archiving initially occur?
3.
Match the correct relationship between the Cisco Security MARS terms and their definitions.
1. queries
2. events
3. sessions
4. incidents
5. rules
4.
Which attack can be detected by Cisco Security MARS by use of NetFlow data?
5.
Which option is correct about the case management feature of Cisco Security MARS?
6.
Which protocol is used by Juniper NetScreen IDP to exchange IPS events with the Cisco Security MARS?
7.
Observe the following items carefully. What enables the Cisco Security MARS appliance to profile network usage and detect statistically significant anomalous behavior from a computed baseline?
8.
Which method can be used by the Cisco Security MARS appliance to perform IP address correlation (that is, map IP address translation) across NAT and PAT boundaries?
9.
Which description is correct with regard to Cisco Security MARS and Cisco IPS signature support?
10.
What will occur when you try to run a Cisco Security MARS query that will take a long time to complete?