SNCF — Securing Networks with Firepower — Question 138
A company has many Cisco FTD devices managed by a Cisco FMC. The security model requires that access control rule logs be collected for analysis. The security engineer is concerned that the Cisco FMC will not be able to process the volume of logging that will be generated. Which configuration addresses this concern?
Answer options
- A. Send Cisco FTD connection events directly to a SIEM system and forward security events from Cisco FMC to the SIEM system for storage and analysis
- B. Send Cisco FTD connection events and security events directly to a SIEM system for storage and analysis
- C. Send Cisco FTD connection events and security events to a cluster of Cisco FMC devices for storage and analysis
- D. Send Cisco FTD connection events and security events to Cisco FMC and configure it to forward logs to a SIEM system for storage and analysis
Correct answer: A
Explanation
Option A is correct because it offloads the processing of connection events directly to the SIEM, reducing the logging burden on the Cisco FMC. The other options either do not alleviate the logging load on the FMC or suggest sending all data to the FMC, which contradicts the concern about its capacity to process the logs.