Implementing Cisco Security Monitoring, Analysis and Response System

Referring to the rule shown on the MARS GUI screen, which two of the following statements
are correct? (Choose two.)
A. This rule will fire if the offset 1 condition occurs "OR" if the offset 2 condition occurs.
B. This rule will fire if the offset 3 condition occurs.
C. The expressions between cells are "AND" while the expressions between items in the same
cell are "OR".
D. This is a user-defined rule.
E. This rule can be deleted after changing its status to "inactive."
Answer: B, C

To configure a Microsoft Windows IIS server to publish logs to the Cisco Security MARS,
which log agent is installed and configured on the Microsoft Windows IIS server?
A. pnLog agent
B. Cisco Security MARS agent
D. None. Cisco Security MARS is an agentless device.

A Cisco Security MARS appliance cannot access certain devices through the default gateway.
Troubleshooting has determined that this is a Cisco Security MARS configuration issue.
Which additional Cisco Security MARS configuration will be required to correct this issue?
A. use the Cisco Security MARS GUI or CLI to enable a dynamic routing protocol
B. use the Cisco Security MARS CLI to add a static route
C. use the Cisco Security MARS GUI to configure multiple default gateways
D. use the Cisco Security MARS GUI or CLI to configure multiple default gateways

Which action enables the Cisco Security MARS appliance to ignore false-positive events by
either dropping the events completely, or by just logging them to the database?
A. creating system inspection rules using the drop operation
B. creating drop rules