A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use?
B. Port mirroring
Explanation:
Port mirroring (also known as SPAN on Cisco devices) is the process of copying network traffic from one port (or a group of ports) on a switch to another port where a monitoring device, such as an Intrusion Detection System (IDS), can inspect the traffic. This is the best method for deploying a passive IDS because it allows the IDS to analyze network traffic without interfering with or disrupting the normal flow of data.
The correct answer is:
B. Port mirroring
Explanation:
Port mirroring (also known as SPAN, Switched Port Analyzer) is the correct method for enabling a passive Intrusion Detection System (IDS) to inspect network traffic. Port mirroring copies all traffic from one or more switch ports or VLANs to a designated port where the IDS is connected. This allows the IDS to analyze the network traffic without interfering with the normal flow of data, fulfilling the requirement for passive monitoring.
upvoted 1 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
HeatSquad77
1 week agoSuntzuLegacy
1 month, 1 week ago