300-710 Question #163: Real Exam Question with Answer & Explanation
Correct answer: A
Question
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
Options
- A. Send Cisco FTD connection events directly to a SIEM system and forward security events from
- B. Send Cisco FTD connection events and security events directly to SIEM system for storage and
- C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for
- D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward
Explanation
To address concerns about Cisco FMC's ability to process a high volume of logs from many FTD devices, it is best to send the high-volume connection events directly from the FTDs to a SIEM system. This offloads the primary log processing burden from the FMC, while security events can still be handled by FMC or forwarded.
Common mistakes
- B. While sending all events directly to a SIEM would offload the FMC, it might bypass the FMC's native capabilities for security event correlation and dashboarding, which are valuable features. Option A provides a more balanced approach.
- C. Clustering Cisco FMC devices provides high availability and redundancy, but it does not directly scale the log processing capacity in a way that offloads the initial ingress processing of raw logs from multiple FTDs.
- D. Sending all connection and security events to the FMC first, and then configuring the FMC to forward them, does not alleviate the initial processing load on the FMC, which is the core concern of this question.
Concept tested: Cisco FTD/FMC logging strategy for scale