210-260 Question #5: Real Exam Question with Answer & Explanation
The correct answer is B: Enable logging at the end of the session.
Question
Options
- A. Enable logging at the beginning of the session
- B. Enable logging at the end of the session
- C. Enable alerts via SNMP to log events off-box
- D. Enable eStreamer to log events off-box
Explanation
When the system detects a connection, in most cases you can log it at its beginning or its end. However, because blocked traffic is immediately denied without further inspection, in most cases you can log only beginning-of-connection events for blocked or blacklisted traffic; there is no unique end of connection to log. An exception occurs when you block encrypted traffic. When you enable connection logging in an SSL policy, the system logs end-of-connection rather than beginning-of-connection events. This is because the system cannot determine if a connection is encrypted using the first packet in the session, and thus cannot immediately block encrypted

System-UserGuide-v5401/AC-Connection-Logging.html#pgfId-1604681