Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 29

Which two tasks allow NetFlow on a Cisco ASA 5500 Series firewall? (Choose two.)

Answer options

• A. Define a NetFlow collector by using the flow-export command
• B. Create a class map to match interesting traffic
• C. Create an ACL to allow UDP traffic on port 9996
• D. Enable NetFlow Version 9
• E. Apply NetFlow Exporter to the outside interface in the inbound direction

Correct answer: A, B

Explanation

The correct answers are A and B because defining a NetFlow collector with the flow-export command and creating a class map to match interesting traffic are both necessary steps for enabling NetFlow. Options C, D, and E are not directly related to the basic setup required to allow NetFlow functionality on the firewall.