In a highly secure network environment with strict throughput requirements, which device attribute would MOST likely be preferred when implementing a security control intended to scrutinize traffic without causing significant latency?
An inline security device configured to interact with traffic
An active security device configured to make real-time decisions
A security device configured to fail-open to reduce latency
A tap/monitor setup that passively observes traffic
A tap/monitor setup is preferred in scenarios where monitoring is essential, but it is crucial not to introduce latency or a single point of failure within the network traffic flow. An inline device would actively interact with traffic, potentially introducing latency, which is undesirable in strict throughput environments. Active devices are designed to intervene and could affect performance, whereas fail-open implies a state during failure, which is not relevant to the operational performance during normal conditions.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a tap/monitor setup in a network?
Open an interactive chat with Bash
Why does an inline security device cause latency?
Open an interactive chat with Bash
What is the difference between 'fail-open' and 'fail-closed' security devices?