PrepAway - Latest Free Exam Questions & Answers

Which of the following is true?

You enable logging at the end of the session in Cisco FireSIGHT Management Center.
Which of the following is true? (Select the best answer.)

PrepAway - Latest Free Exam Questions & Answers

A.
The log will contain less information than at the beginning of the session.

B.
You will not be able to log connections handled by an SSL policy.

C.
Information will be based on only the first few packets of a connection.

D.
The log will contain information from throughout the course of a connection.

Explanation:
In Cisco FireSIGHT Management Center, the log will contain information from throughout the course of a
connection if you enable logging at the end of the session, which is also known as endofconnection logging.
Endofconnection events are generated when a connection closes, times out, or can no longer be tracked
because of memory constraints. Endofconnection events contain significantly more information than
beginningofconnection events because they can draw upon data collected throughout the course of a
connection. This additional information can be used to create traffic profiles, generate connection summaries,
or graphically represent connection data. In addition, the data can be used for detailed analysis or to trigger
correlation rules based on session data. Endofconnection events are also required to log encrypted
connections that are handled by a Secure Sockets Layer (SSL) policy because there is not enough information
in the first few packets to indicate that a connection is encrypted.Beginningofconnection events contain less information than endofconnection events. Cisco FireSIGHT
Management Center, which was formerly called Sourcefire Defense Center, can log beginningofconnection
events and endofconnection events for various types of network traffic. Although most network traffic will
generate both kinds of events, blocked or blacklisted traffic is typically denied without further processing and
therefore only generates beginningofconnection events. Beginningofconnection events contain a limited amount
of information because they are generated based on the information contained in the first few packets of a
connection.

Cisco: Logging Connections in Network Traffic: Logging the Beginning or End of Connections


Leave a Reply