Implementing Cisco Application Centric Infrastructure (DCACI) — Question 178

An engineer must implement user activity tracking in the Cisco ACI with a solution that meets these requirements:
• All user activity that is related to the Cisco ACI infrastructure hardware must be tracked.
• All audit logs with severity level 5 and below must be collected and exported.
• Logs must be exported to a Security Information and Event Management (SIEM) appliance.

Which set of steps must be taken?

Answer options

• A. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device. Create a Tenant-level Syslog Source under the Monitoring section of the Tenant Tab. Select Audit Logs and a severity level of Warning,
• B. Create a Syslog Monitoring Destination Group with a Local File destination. Create an Access-level Syslog Source under the Monitoring section of the Fabric Tab. Select Fault Logs and a severity level of Notification.
• C. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device. Create a Fabric-level Syslog Source under the Monitoring section of the Fabric Tab. Select Audit Logs and a severity level of Notification.
• D. Create a Syslog Monitoring Destination Group with Console Destination. Create a System-level Syslog Source under the Monitoring section of the System Tab. Select Session Logs and a severity level of Warning.

Correct answer: C

Explanation

The correct answer is C because it correctly specifies creating a Syslog Monitoring Destination Group with a remote destination for the SIEM device and selecting Audit Logs with a suitable severity level. Options A and D do not meet the requirement of using severity level 5 or lower for audit logs, and option B does not use a remote destination for log export, which is necessary to send logs to the SIEM appliance.