350-701 Question #112: Real Exam Question with Answer & Explanation

Question

Which statement about the configuration of Cisco ASA NetFlow v9 Secure Event Logging is true?

Options

• ATo view bandwidth usage for NetFlow records, the QoS feature must be enabled.
• BA sysopt command can be used to enable NSEL on a specific interface.
• CNSEL can be used without a collector configured.
• DA flow-export event type must be defined under a policy.

Explanation

For Cisco ASA NetFlow v9 Secure Event Logging (NSEL), a flow-export event type command must be explicitly defined under a policy map to specify which security events are exported.

Common mistakes.

• A. While NetFlow can provide data for bandwidth usage, enabling the QoS (Quality of Service) feature is not a prerequisite for configuring or viewing NetFlow records or NSEL on the ASA.
• B. NSEL is enabled and configured using flow-export commands within a policy-map applied to an interface, not through a sysopt command, which typically controls global system options.
• C. NSEL is designed to export event records to an external NetFlow collector for analysis and storage; it cannot be effectively used without a collector configured to receive these records.

Concept tested. Cisco ASA NSEL configuration

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa90/configuration/guide/asa_90_cli_config/monitor_netflow.html#pgfId-1077678

No community discussion yet for this question.