Exam PCNSE topic 1 question 378 discussion

The correct answer is C. As it specifically states in the question that security rules will be applied, VWire is the only method that allows this without making any IP address changes.

Maybe C as security rules will also be applied later

Well, he definitely could use A to monitor the traffic, but you would have to reconfigure the fw to use the vwire to apply security changes. Still you can have the vwire and an initial allow rule for all of the X segment traffic and there you get to have your visibility without disrupting the network.

Because of security rules creation it needs to be VWIRE. TAP will gain visibility but you will not be able to create security rules.

security rules will be applied but this is only to monitor the traffic. The least intrusive way is TAP mode.

It needs to apply security policies which TAP can not to so it's C.

I think C

C - The administrator is planning to apply Security rules on segment X after getting the visibility.

the answer is A - A firewall administrator wants to have visibility on one segment of the company network. Guys why don’t you read with understanding?

In the exam, July 2023.

Key word== The administrator is planning to apply Security rules on segment X after getting the visibility..... and you cannot apply security rules on segment X using a TAP mode.

apply Security rules

A - Tap admin just wants to have traffic visibility.

TAP Interface: A TAP interface allows you to monitor network traffic without disrupting the existing traffic flow. It operates in a passive mode, where it copies traffic for analysis without impacting the original traffic. This means you can gain visibility into segment X without changing the routing or IP configurations. Minimum Service Interruptions: Since the TAP interface is passive and does not actively participate in routing or affecting traffic, it minimizes service interruptions. It won't introduce any routing changes or disruptions to segment X. No IP Changes: The administrator wants to avoid making IP changes, and configuring a TAP interface allows you to do just that. It won't require any IP address changes or reconfiguration of the existing network.

I'm on the "C" team. At first I thought the Admin could just "TAP" the backbone switch for visibility, but since the goal is to apply Security rules on the segment that is being monitored, vWire makes the most sense.

Gotta be C. The traffic isnt on the firewall yet and so a tap wont help. Only a virtual-wire will allow for visibility, security policy, no IP changes, and low down-time.

The key word is "after". This question mention: "The administrator is planning to apply Security rules on segment X AFTER getting the visibility"... I think that TAP is the best option