Cisco
210-255 Question #178: Real Exam Question with Answer & Explanation
The correct answer is C: firewall.
Question
Refer to the exhibit. What device is this taken from?
Options
- A. web proxy
- B. IDS
- C. firewall
- D. NetFlow
Explanation
Firewall logs are distinguished by their explicit permit or deny action fields alongside source and destination IP addresses, ports, protocol, and interface direction.
Common mistakes.
- A. A web proxy log would contain HTTP-specific fields such as requested URLs, HTTP methods, response codes, and user-agent strings, which are absent from firewall output.
- B. An IDS alert log would include signature or rule IDs, alert priority levels, and attack classification labels rather than simple permit and deny action entries.
- D. NetFlow data contains traffic flow statistics such as byte and packet counts and flow duration but does not include explicit access control decision fields like permit or deny.
Concept tested. Identifying firewall log output characteristics