Quiz 642-544

Quiz 642-544, MARS – Implementing Cisco Security Monitoring, Analysis and Response System

Which two statements are correct?

What three data points are used to correlate reports in the Cisco Security MARS?

which log agent is installed and configured on the Microsoft Windows IIS server?

Which of the following alert actions can be transmitted to a user as notification that a Cisco Security MARS rule has fired, and that an incident has been logged?

Which three statements are true about Cisco Security MARS rules?

Which action enables the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?

What are three ways to add devices to the Cisco Security MARS appliance?

Which additional Cisco Security MARS configuration will be required to correct this issue?

What is a benefit of using the dollar variable (as in $TARGET01) when creating queries in Cisco Security MARS?