ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-620 All Questions

View all questions & answers for the 300-620 exam
Go to Exam

Exam 300-620 topic 1 question 242 discussion

Actual exam question from Cisco's 300-620
Question #: 242
Topic #: 1
[All 300-620 Questions]

An engineer must implement user activity tracking in the Cisco ACI with a solution that meets these requirements:
• All user activity that is related to the Cisco ACI infrastructure hardware must be tracked.
• All audit logs with severity level 5 and below must be collected and exported.
• Logs must be exported to a Security Information and Event Management (SIEM) appliance.

Which set of steps must be taken?

  • A. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.
    Create a Tenant-level Syslog Source under the Monitoring section of the Tenant Tab.
    Select Audit Logs and a severity level of Warning,
  • B. Create a Syslog Monitoring Destination Group with a Local File destination.
    Create an Access-level Syslog Source under the Monitoring section of the Fabric Tab.
    Select Fault Logs and a severity level of Notification.
  • C. Create a Syslog Monitoring Destination Group with a remote destination of the SIEM device.
    Create a Fabric-level Syslog Source under the Monitoring section of the Fabric Tab.
    Select Audit Logs and a severity level of Notification.
  • D. Create a Syslog Monitoring Destination Group with Console Destination.
    Create a System-level Syslog Source under the Monitoring section of the System Tab.
    Select Session Logs and a severity level of Warning.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Sokchen at July 16, 2023, 5:27 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mdriraa
10 months, 1 week ago
Selected Answer: C
C- its very clear/ fabric and SIEM device
upvoted 1 times
...
sailorsoul
1 year, 4 months ago
Selected Answer: C
no doubt it is C. Notification level 5, syslog is configured on the fabric tab.
upvoted 1 times
...
crooks_1988
1 year, 8 months ago
C definetly, Notification = Level 5
upvoted 1 times
...
Mr_Certifiable
1 year, 9 months ago
Selected Answer: C
Fabric > Fabric > Policies > Monitoring > default > Callhome/Smart Callhome/SNMP/Syslog/TACACs uni/fabric/monfab-default Create Syslog Source Provide a name for this source (i.e., FabricDefaultSyslog) Select the Minimum Syslog Severity Level (default is warning; we have changed this to information) Select the categories of messages to source (default is faults; we have selected all categories) Select the Destination Syslog Server (this is the server we previously defined) https://unofficialaciguide.com/2018/08/11/configuring-syslog-for-aci/
upvoted 2 times
...
hrPClK
1 year, 10 months ago
Selected Answer: C
Should be C
upvoted 2 times
...
mcsemcitp
1 year, 10 months ago
Should be C because one of the requirement is "All user activity that is related to the Cisco ACI infrastructure hardware must be tracked"
upvoted 1 times
...
Sokchen
1 year, 10 months ago
I think, C is correct answer
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel