Exam 300-710 topic 1 question 39 discussion

To meet the requirements of inspecting a unique IPS policy and logging rule matching in a new access control policy using Cisco FMC, the correct action is: A. Configure an IPS policy and enable per-rule logging. This approach ensures that each rule within the access control policy can be inspected with the specified IPS policy and that logging is enabled for each rule to track and log matching traffic Option C: Configure an IPS policy and enable global logging. This would apply the IPS policy and enable logging globally, but it might not provide the granularity needed for per-rule inspection and logging

The policy must inspect a unique IPS policy as well as log "rule" matching, so does it mean the rule is IPS rule or Access Control Policy rule? I can only see logging option at Access Control Policy level. so should the answer "global" is more safe?

"The policy must inspect a unique IPS policy as well as log rule matching" In each policy yo can enable logging for more traffic detail. You also can enable the logging in default policy Answer A

Only A

To meet the requirements of inspecting a unique IPS policy as well as logging rule matching in a new access control policy using Cisco FMC, the engineer should configure an IPS policy and enable per-rule logging. Therefore, the correct answer is A: Configure an IPS policy and enable per-rule logging.

as cewe said, "you can set logging per rule for an access control policy, so A is the right one"

There is no per-rule logging on the system. Also there would be no need to log the ACL rule as an Intrusion event will cause the rule to generate an event.

C, seems to make more sense here I do not think there is a setting to enable per-rule logging