Implementing Cisco Network Security (IINS, legacy) — Question 28

Which SOURCEFIRE logging action should you choose to record the most detail about a connection?

Answer options

• A. Enable logging at the beginning of the session
• B. Enable logging at the end of the session
• C. Enable alerts via SNMP to log events off-box

Correct answer:

Explanation

Choosing to enable logging at the beginning of the session allows for the capture of all details from the outset, which is crucial for understanding the connection's lifecycle. Logging at the end may miss important initial data, while SNMP alerts log events off-box but do not provide a complete picture of the session itself.