A security architect is designing a monitoring solution for a critical, high-throughput database server link. The solution MUST capture 100% of the traffic, including any malformed packets, without introducing latency or becoming a single point of failure. Which of the following is the MOST appropriate solution to meet these requirements?
A physical network Tap is the correct choice because it is specifically designed to meet these stringent requirements. Taps are hardware devices that operate at the physical layer (Layer 1) to create an exact copy of all traffic, including physical layer errors and malformed packets, without altering the traffic. They are passive and fail-safe, meaning they do not introduce latency or become a point of failure; if the Tap loses power, traffic continues to flow unimpeded. A Switched Port Analyzer (SPAN) port is less suitable because switches treat SPAN traffic as a low priority and can drop packets under high load, failing the 100% capture requirement. A transparent proxy and an inline IPS are both active, inline devices that process traffic, inherently introducing latency and acting as single points of failure, which violates the stated requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Physical Tap in networking?
Open an interactive chat with Bash
How does a Physical Tap differ from an inline device like a firewall or proxy?
Open an interactive chat with Bash
What makes Physical Taps suitable for high-availability environments?