350-701 · Question #112
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
The correct answer is D. A flow-export event type must be defined under a policy.. For Cisco ASA NetFlow v9 Secure Event Logging (NSEL), a flow-export event type command must be explicitly defined under a policy map to specify which security events are exported.
Question
Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?
Options
- ATo view bandwidth usage for NetFlow records, the QoS feature must be enabled.
- BA sysopt command can be used to enable NSEL on a specific interface.
- CNSEL can be used without a collector configured.
- DA flow-export event type must be defined under a policy.
How the community answered
(57 responses)- A12% (7)
- B4% (2)
- C5% (3)
- D79% (45)
Why each option
For Cisco ASA NetFlow v9 Secure Event Logging (NSEL), a `flow-export event type` command must be explicitly defined under a policy map to specify which security events are exported.
While NetFlow can provide data for bandwidth usage, enabling the QoS (Quality of Service) feature is not a prerequisite for configuring or viewing NetFlow records or NSEL on the ASA.
NSEL is enabled and configured using `flow-export` commands within a `policy-map` applied to an interface, not through a `sysopt` command, which typically controls global system options.
NSEL is designed to export event records to an external NetFlow collector for analysis and storage; it cannot be effectively used without a collector configured to receive these records.
In Cisco ASA NSEL, the `flow-export event type` command must be configured within a policy map applied to an interface to instruct the ASA to generate and export NetFlow records for specific security events like flow creation, denial, or teardown.
Concept tested: Cisco ASA NSEL configuration
Source: https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/monitor_netflow.html#pgfId-1077678
Topics
Community Discussion
No community discussion yet for this question.