
300-620 · Question #263

300-620 Question #263: Real Exam Question with Answer & Explanation

The correct answer is C: Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.

Question

An engineer must implement user activity tracking in the Cisco ACI with a solution that meets these requirements:

  • All user activity that is related to the Cisco ACI infrastructure hardware must be tracked.
  • All audit logs with severity level 5 and below must be collected and exported.
  • Logs must be exported to a Security Information and Event Management (SIEM) appliance.

Which set of steps must be taken?

Options

  • A. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.
  • B. Create a Syslog Monitoring Destination Group with a Local File destination.
  • C. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.
  • D. Create a Syslog Monitoring Destination Group with Console Destination.

Explanation

Fabric > Fabric > Policies > Monitoring > default > Callhome/Smart Callhome/SNMP/Syslog/TACACs (uni/fabric/monfab-default)

Create Syslog Source:

  • Provide a name for this source (i.e., FabricDefaultSyslog)
  • Select the Minimum Syslog Severity Level (default is warning; we have changed this to
  • Select the categories of messages to source (default is faults; we have selected all categories)
  • Select the Destination Syslog Server (this is the server we previously defined)

Source: https://unofficialaciguide.com/2018/08/11/configuring-syslog-for-aci/
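An offline check of the configuration the explanation walks through, as an added example that is not from the original page or the cited guide: it reads an APIC-style JSON export and reports whether audit records at severity level 5 would reach the SIEM. The class and attribute names (`syslogGroup`, `syslogRemoteDest`, `syslogSrc`, `syslogRsDestGroup`, `minSev`, `incl`, `severity`), the severity spellings and the per-destination severity filter are assumptions about the ACI object model; the sample export and the host `192.0.2.10` are constructed.

```python
import json

# Class and attribute names below are assumed from the ACI object model.
# Severity names as ACI spells them, indexed by syslog level 0-7 (assumed spelling).
SEVERITIES = ["emergencies", "alerts", "critical", "errors",
              "warnings", "notifications", "information", "debugging"]

def covers(configured, level):
    """True if a minimum-severity setting still passes messages of `level`."""
    return SEVERITIES.index(configured) >= level

def check_audit_export(export, siem_host, level=5):
    """Return findings; an empty list means the export meets the requirements."""
    groups, sources, findings = {}, [], []
    for mo in export["imdata"]:
        (cls, body), = mo.items()
        attrs, kids = body["attributes"], body.get("children", [])
        if cls == "syslogGroup":  # destination group: collect its remote destinations
            groups[attrs["dn"]] = [k["syslogRemoteDest"]["attributes"]
                                   for k in kids if "syslogRemoteDest" in k]
        elif cls == "syslogSrc" and attrs["dn"].startswith("uni/fabric/monfab-default/"):
            sources.append((attrs, [k["syslogRsDestGroup"]["attributes"]["tDn"]
                                    for k in kids if "syslogRsDestGroup" in k]))
    if not sources:
        findings.append("no syslog source under uni/fabric/monfab-default")
    for attrs, targets in sources:
        name = attrs["name"]
        if not set(attrs["incl"].split(",")) & {"audit", "all"}:
            findings.append(f"{name}: audit logs not included")
        if not covers(attrs["minSev"], level):
            findings.append(f"{name}: minSev {attrs['minSev']} drops level {level}")
        dests = [d for t in targets for d in groups.get(t, [])]
        if not any(d["host"] == siem_host and d["adminState"] == "enabled"
                   and covers(d["severity"], level) for d in dests):
            findings.append(f"{name}: no enabled destination {siem_host} passing level {level}")
    return findings

# Constructed sample export (not from a real fabric); 192.0.2.10 is a documentation address.
SAMPLE = json.loads("""
{"imdata": [
 {"syslogGroup": {"attributes": {"dn": "uni/fabric/slgroup-SIEM", "name": "SIEM"},
   "children": [{"syslogRemoteDest": {"attributes":
     {"host": "192.0.2.10", "adminState": "enabled", "severity": "warnings"}}}]}},
 {"syslogSrc": {"attributes": {"dn": "uni/fabric/monfab-default/slsrc-FabricDefaultSyslog",
     "name": "FabricDefaultSyslog", "minSev": "notifications", "incl": "audit,faults"},
   "children": [{"syslogRsDestGroup": {"attributes": {"tDn": "uni/fabric/slgroup-SIEM"}}}]}}
]}
""")

print(check_audit_export(SAMPLE, "192.0.2.10"))
```

In the sample, the source is set correctly but the remote destination filters at `warnings`, so level 5 audit records never leave the fabric; the check reports that mismatch.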
