210-255 · Question #178
Refer to the exhibit. What device is this taken from?
The correct answer is C. firewall. Firewall logs are distinguished by their explicit permit or deny action fields alongside source and destination IP addresses, ports, protocol, and interface direction.
Question
Refer to the exhibit. What device is this taken from?
Options
- Aweb proxy
- BIDS
- Cfirewall
- DNetFlow
How the community answered
(53 responses)- A6% (3)
- B4% (2)
- C74% (39)
- D17% (9)
Why each option
Firewall logs are distinguished by their explicit permit or deny action fields alongside source and destination IP addresses, ports, protocol, and interface direction.
A web proxy log would contain HTTP-specific fields such as requested URLs, HTTP methods, response codes, and user-agent strings, which are absent from firewall output.
An IDS alert log would include signature or rule IDs, alert priority levels, and attack classification labels rather than simple permit and deny action entries.
Firewall logs record access control enforcement decisions and characteristically include fields such as source IP, destination IP, port numbers, transport protocol, interface direction, and an explicit allow or deny action outcome. This combination of traffic identification tuples with a policy decision field is the defining characteristic of firewall log output and is not present in other device log types.
NetFlow data contains traffic flow statistics such as byte and packet counts and flow duration but does not include explicit access control decision fields like permit or deny.
Concept tested: Identifying firewall log output characteristics
Source: https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/general/asa-96-general-config/monitor-syslog.html
Topics
Community Discussion
No community discussion yet for this question.