Match the correct relationship between the Cisco Security MARS terms and their definitions.

1. queries
2. events
3. sessions
4. incidents
5. rules

Match the correct relationship between the Cisco Security MARS terms and their definitions.

1. queries
2. events
3. sessions
4. incidents
5. rules

Cisco Security MARS combines network intelligence, context correlation, vector analysis, anomaly detection, hotspot identification, and automated mitigation capabilities. Which action will you take to enable the Cisco Security MARS appliance to ignore false-positive events by either dropping the events completely, or by just logging them to the database?

Match the correct relationship between the Cisco Security MARS terms and their definitions.

1. queries
2. events
3. sessions
4. incidents
5. rules

Match the correct relationship between the description and each item.

1. This is exclusive to hosts and software applications running on hosts.
2. It is used to either connect to the device for network-based administrative sessions or connect to a remote server on which a file containing the device’s configuration is stored.
3. It is the source IP address of event messages, logs, notifications, or traps that originate from the device.
4. It refers to the administrative protocol that Cisco Security MARS uses to access a reporting device or mitigation device.

Which two statements accurately describe the Cisco Security MARS rules? (Choose two)

The Cisco Security MARS appliance supports which protocol for data archiving and restoring?

Which three items are true with regard to the Cisco Security MARS syslog forwarding feature for relaying the received syslog data to a syslog server? (Choose three.)

What will occur when you try to run a Cisco Security MARS query that will take a long time to complete?

PassGuide 642-545

Which two statements best describe the Cisco Security MARS Event Management partial screen displayed? (Choose two)