Which Sourcefire logging action should you choose to record the most detail about a connection?

Which Sourcefire logging action should you choose to record the most detail about a connection?
A . Enable logging at the end of the session.
B . Enable logging at the beginning of the session.
C . Enable alerts via SNMP to log events off-box.
D . Enable eStreamer to log events off-box.

View Answer

Answer: A

Explanation:

FirePOWER (former Sourcefire)

Logging the Beginning And End of Connections

When the system detects a connection, in most cases you can log it at its beginning and its end. For a single non-blocked connection, the end-of-connection event contains all of the information in the beginning-of-connection event, as well as information gathered over the duration of the session.

Source: http://www.cisco.com/c/en/us/td/docs/security/firesight/541/firepower-module-user­guide/asa-firepower- module-user-guide-v541/AC-Connection-Logging.html#15726