Implementing Cisco Edge Network Security Solutions (SENSS, legacy) — Question 7

Which three configuration tasks do you perform to allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose three.)

Answer options

• A. Create an ACL to allow UDP traffic on port 9996
• B. Create a class map to match interesting traffic
• C. Define a NetFlow collector by using the flow-export command
• D. Apply NetFlow Exporter to the outside interface in the inbound direction
• E. Enable NetFlow Version 9
• F. Apply the newly created class map to the global policy

Correct answer: B, C, E

Explanation

The correct tasks to enable NetFlow are to create a class map to match interesting traffic (B), define a NetFlow collector using the flow-export command (C), and enable NetFlow Version 9 (E). The other options, while related to traffic handling and configuration, do not directly contribute to the enabling of NetFlow on the firewall.