A security administrator needs to deploy a network security device that will analyze and potentially block malicious traffic without being bypassed if it fails. Which deployment option aligns best with this requirement?
Implement the device as an external monitor that gets copied traffic from a network switch.
Deploy the device in inline mode with fail-closed configuration.
Use port mirroring to duplicate traffic to the device.
Set up the device as a network tap to passively monitor traffic.
An inline device is deployed directly on the network path; all traffic must pass through it. This is ideal for scenarios where traffic analysis and blocking potential threats is necessary. Furthermore, since the device must not be bypassed even if it fails, an inline device must be used instead of a tap or monitor mode, which allows traffic to bypass the device if it fails or is not active.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'inline mode' mean in the context of network devices?
Open an interactive chat with Bash
What does 'fail-closed' configuration mean, and why is it important?
Open an interactive chat with Bash
How does deploying a network tap or using port mirroring differ from inline mode?