Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 561

A network administrator is setting up Cisco FMC to send logs to Cisco Security Analytics and Logging (SaaS). The network administrator is anticipating a high volume of logging events from the firewalls and wants to limit the strain on firewall resources. Which method must the administrator use to send these logs to Cisco Security Analytics and Logging?

Answer options

• A. direct connection using SNMP traps
• B. HTTP POST using the Security Analytics FMC plugin
• C. syslog using the Secure Event Connector
• D. SFTP using the FMC CLI

Correct answer: C

Explanation

The correct answer is C because using syslog with the Secure Event Connector is the most efficient way to manage a high volume of logs without overloading the firewall's resources. The other options, such as SNMP traps and HTTP POST, do not provide the same level of log management and efficiency for high-volume scenarios.