A facility operates a specialized system managing water treatment. Administrators want to gather real-time traffic data and identify unusual activity with minimal impact on daily operations. Which approach meets this goal?
Disconnect the device from production and perform a standalone review
Run active scans that generate synthetic probes against the device
Configure a mirrored connection on the switch and collect data silently
Simulate intrusive threats on the system to track alerts in real time
Using a mirrored port gathers information passively, allowing a security team to examine communication without interrupting the specialized process. Working with a mirrored port often reduces the risk of introducing instability or downtime during analysis. Direct scans with injected packets or traffic interruptions can disrupt routine tasks, and removal of the system for offline checks typically delays ongoing processes. Adding suspicious samples to the network can also create instability and risk unintended outcomes.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a mirrored port on a switch?
Open an interactive chat with Bash
Why is passive monitoring preferred for specialized systems?
Open an interactive chat with Bash
What are the risks of active scans or intrusive simulations in sensitive environments?