Exam 300-710 All Questions

Exam 300-710 topic 1 question 158 discussion

Actual exam question from Cisco's 300-710
Question #: 158
Topic #: 1

A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?

  • A. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis
  • B. Send Cisco FTD connection events and security events directly to SIEM system for storage and analysis
  • C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis
  • D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to SIEM for storage and analysis
Suggested Answer: A

Comments

whysohardwhy
1 week, 1 day ago
Selected Answer: A
A. From Cisco training I attended: connection to SIEM, security in FMC.
upvoted 1 times
Happy_Shepherd26
3 months, 2 weeks ago
Selected Answer: A
From the Cisco official course: If you need to log all traffic information for compliance, you can uncheck Firewall Management Center as a logging destination and just leave the Syslog Server option. This configuration will free up a lot of resources on the FMC as the syslog is being generated directly from the managed device.
upvoted 1 times
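The comment above describes sending FTD syslog straight to a collector instead of (or as well as) the FMC. When that is done, the SIEM side has to tell connection events apart from security events itself, since both arrive on the same syslog feed. The following is an added example by this editor, not code from the exam page, the course, or Cisco: a small Python routine that classifies FTD-style syslog lines by message ID and parses their `Key: Value` body. The message-ID-to-event-class mapping (430002/430003 for connection start/end, 430001/430004/430005 for intrusion, file and malware events) and the body layout are this editor's assumptions about the Secure Firewall syslog format and should be checked against the syslog message guide for your FTD version; the sample lines are constructed, not captured from a live device.

```python
"""Classify and parse Cisco Secure Firewall (FTD) syslog events before SIEM ingestion.

Added example, not from the exam page or from Cisco. Assumptions (verify against
your FTD version's syslog message guide):
  - each FTD event line carries a tag of the form %FTD-<severity>-<id>:
  - 430002 / 430003 are connection start / end events and 430001 / 430004 / 430005
    are intrusion, file and malware events
  - the body is a comma-separated list of "Key: Value" pairs
The SAMPLE_LINES below are constructed for this example.
"""
import re
from collections import Counter

MSG_ID_RE = re.compile(r"%FTD-(?P<sev>\d)-(?P<id>\d{6}):\s*(?P<body>.*)$")

# Message IDs grouped into the two event classes the exam question distinguishes
# (assumed numbering, see module docstring).
CONNECTION_EVENT_IDS = {"430002", "430003"}          # connection start / end
SECURITY_EVENT_IDS = {"430001", "430004", "430005"}  # intrusion / file / malware


def parse_event(line):
    """Return (event_class, fields) for an FTD event line, or None for anything else."""
    m = MSG_ID_RE.search(line)
    if not m:
        return None
    msg_id = m.group("id")
    if msg_id in CONNECTION_EVENT_IDS:
        event_class = "connection"
    elif msg_id in SECURITY_EVENT_IDS:
        event_class = "security"
    else:
        event_class = "other"
    fields = {}
    for pair in m.group("body").split(", "):
        key, sep, value = pair.partition(": ")
        if sep:  # skip fragments that are not Key: Value pairs
            fields[key.strip()] = value.strip()
    fields["MessageID"] = msg_id
    fields["Severity"] = int(m.group("sev"))
    return event_class, fields


def route_events(lines):
    """Split a batch of syslog lines into connection, security and other events."""
    routed = {"connection": [], "security": [], "other": []}
    for line in lines:
        parsed = parse_event(line)
        if parsed is None:  # not an FTD event (e.g. a heartbeat line), drop it
            continue
        event_class, fields = parsed
        routed[event_class].append(fields)
    return routed


def rule_action_counts(connection_events):
    """Tally connection events by access control rule action (Allow, Block, ...)."""
    return Counter(e.get("AccessControlRuleAction", "unknown") for e in connection_events)


# Constructed sample input (RFC 3164-style priority, timestamp, hostname, FTD tag).
SAMPLE_LINES = [
    "<190>Jan 10 2024 12:00:01 ftd-edge-1 %FTD-6-430003: AccessControlRuleAction: Allow, "
    "SrcIP: 10.1.1.5, DstIP: 192.0.2.10, SrcPort: 51000, DstPort: 443, Protocol: tcp, "
    "AccessControlRuleName: Allow-Web, InitiatorBytes: 1200, ResponderBytes: 5400",
    "<190>Jan 10 2024 12:00:02 ftd-edge-1 %FTD-6-430002: AccessControlRuleAction: Block, "
    "SrcIP: 10.1.1.7, DstIP: 198.51.100.4, SrcPort: 40222, DstPort: 23, Protocol: tcp, "
    "AccessControlRuleName: Deny-Telnet",
    "<187>Jan 10 2024 12:00:03 ftd-edge-1 %FTD-3-430001: SrcIP: 203.0.113.9, "
    "DstIP: 10.1.1.20, SrcPort: 4444, DstPort: 80, Protocol: tcp, Priority: 1, "
    "GID: 1, SID: 1000001, Classification: Example-Classification, "
    "IntrusionPolicy: Balanced-Security-Connectivity",
    "<14>Jan 10 2024 12:00:04 ftd-edge-1 health: heartbeat ok",
]

if __name__ == "__main__":
    routed = route_events(SAMPLE_LINES)
    for event_class, events in routed.items():
        print(f"{event_class}: {len(events)} event(s)")
    print("rule actions:", dict(rule_action_counts(routed["connection"])))
```

Running the module on the constructed input reports two connection events, one security event, and the heartbeat line dropped; the per-action tally is what a SIEM dashboard would build from the high-volume connection feed, while the much smaller security-event set can be forwarded on to whichever system (FMC or SIEM) the chosen design keeps for it.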
Doris8000
6 months, 3 weeks ago
This probably confirms answer A. "The FMC can log some syslogs. However, it does not have adequate storage provision to accommodate voluminous information from connection events." https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/710/management-center-device-config-71/interfaces-settings-platform.html#task_88952FB807AB4D43B0894F99B215EDD4:~:text=The%20FMC%20can%20log%20some%20syslogs.%20However%2C%20it%20does%20not%20have%20adequate%20storage%20provision%20to%20accommodate%20voluminous%20information%20from%20connection%20events
upvoted 1 times
gwb
11 months, 2 weeks ago
My answer is "D". FTD events should be delivered to FMC first and forwarded to SIEM, so FMC can do analysis itself first before any information is forwarded. FMC storage data can be purged due to limited storage space. We are using Splunk forwarder as SIEM. FMC is receiving all events and security incidents and forwarding to Splunk for further analysis.
upvoted 2 times
Kris92
12 months ago
Selected Answer: B
A does not make any sense to me, the SIEM would have duplicate logs. You can configure FTD to send the ACP logs directly via syslog. https://www.youtube.com/watch?v=GjKavkRbUVg
upvoted 3 times
DID123
2 years ago
Selected Answer: A
I think A is the best practice. https://panenka.sk/cisco-fmc-ftd-eventing/#:~:text=FTD%20firewall%20will%20send%20syslogs,still%20delivered%20to%20the%20FMC.
upvoted 4 times
freho
2 years ago
If the FMC cannot handle the load, A makes no sense. Also, in the ACP, you can just decide to log to FMC, Syslog, or both. Direct Syslog is the only thing that makes sense for me here. I go with the original answer.
upvoted 5 times
Bubu3k
1 year, 1 month ago
I looked for configurations where FTD pushes the logs directly towards a SIEM and I could not find any. It seems the only way is FTD>FMC>SIEM. I could be wrong though.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other