You would like to investigate an incident and have already enabled the Log Pair Packets action on various signatures being triggered. What should you do next?
A.
Use CLI to send the IP log to a PC using TFTP, then open it with Notepad to view and interpret the contents.
B.
Use Cisco IDM to download the IP log to a management station then use a packet analyzer like Ethereal to decode the IP log.
C.
Use the External Product Interface feature to download the IP log to Cisco Security MARS for incident investigation.
D.
Use Cisco Security Manager to retrieve the IP log then use the Cisco Security Manager IPS Manager to decode the IP log.
E.
Use Cisco IEV to retrieve the IP log then use the IEV Generate Reports function to produce a report based on the IP log content.
Explanation:
“Pass Any Exam. Any Time.” – www. 4
Cisco 642-533: Practice Exam