PrepAway - Latest Free Exam Questions & Answers

You have issued the flow-export destination inside 10.10.10.110 command on a Cisco ASA.

You have issued the flow-export destination inside 10.10.10.110 command on a Cisco ASA.

Which of the following NSEL event types will be exported to the specified collector by default?

A. only flow-denied events

B. only flow-create events

C. only flow-teardown events

D. all

E. none

Explanation:
After issuing the flow-export destination inside 10.10.10.110 command on a Cisco Adaptive Security Appliance (ASA), no NetFlow Secure Event Logging (NSEL) events will be exported by default to the specified collector. The flow-export destination command is used on a Cisco ASA to specify an NSEL collector. However, without a global policy that specifies the event types that should be exported, no NSEL events will be exported. Flow-export actions are used in a global policy to export specific NSEL events to a collector.

When configuring NetFlow on a Cisco ASA, you can use the Modular Policy Framework (MPF) to create a service policy to export event data for a specific type of event and for specific traffic flows. First, you should create a class map to identify traffic that will be exported to the collector. The class map can use an access control list (ACL) to match specific traffic, or it can be configured to match any traffic.

Next, you should create a policy map to define the action that should be used for traffic identified by the associated class map. The flow-export event-type event-type destination flow-export-host1 [flow-export-host2] command can be used to specify that events of a certain type be forwarded to a particular collector IP address. The ASA can generate the following NSEL events: flow-create, flow-denied, flow-teardown, and flow-update. In addition, you can use the all keyword to specify that all NSEL event types should be forwarded to the specified destination. Finally, you should create a service policy to apply the policy map to the ASA globally.

Reference: https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html#34005
https://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/monitor_nsel.html#68826


Leave a Reply