Review Questions

You can find the answers to the review questions in Appendix A, "Answers to Review Questions."

1. After adding any new monitored device into CS-MARS, what must be done before CS-MARS analyzes events sent from that device?

a. CS-MARS must be rebooted.

b. The Activate button must be clicked to synchronize the GUI to the back-end database.

c. You must select the Analyze Events button next to the device on the Report tab.

d. Nothing needs to be done after adding the new device through the GUI.

2. What protocol/port do Cisco IOS routers (by default) use to send NetFlow data to CS-MARS?

a. UDP/5520

b. TCP/5520

c. UDP/2055

d. TCP/2055

3. What version(s) of NetFlow does CS-MARS support?

4. When discovering a monitored device, which of the following protocols is not supported by CS-MARS?

c. Syslog d. Telnet

5. What utility is used to send ACS events as syslogs to CS-MARS?

a. pnlog agent b. mars-syslog.exe c. syslog.exe d. csagent

6. Events from which log file are not forwarded to CS-MARS from the ACS server?

a. Failed Attempts b. Passed Authentications c. RADIUS Accounting d. TACACS+ Accounting

7. When adding a new monitored device into CS-MARS, which protocol used during discovery requires the access IP and reporting IP to be different?


d. Telnet

8. When sending syslogs from monitored devices to CS-MARS, if the traffic flow passes through a firewall, what protocol and port must be allowed through for the syslogs to reach CS-MARS?

b. TCP/513

c. TCP/514

d. UDP/513

e. UDP/514

a. Directly, via syslog b. Indirectly; the CSA-MC sends the events via Syslog c. Directly, via SNMP traps d. Indirectly; the CSA-MC sends the events via SNMP traps e. CS-MARS cannot receive individual agent events.

10. True or false: CS-MARS can automatically discover CSA agents and add them to the database.

This page intentionally left blank


0 0

Post a comment