Your company has a strict requirement for monitoring network traffic without introducing any additional latency or potential points of failure within the data path. Which type of security device deployment would best suit the company's needs?
Implement an active intrusion prevention system that inspects and potentially alters network traffic.
Install a Layer 7 firewall to actively inspect all incoming and outgoing packets.
Deploy a passive intrusion detection system that monitors a mirrored copy of the network traffic.
Use a network tap to inject custom packets for traffic shaping and policy enforcement.
A passive device, such as a network tap or a passive intrusion detection system, operates by listening to a copy of the traffic as it flows through the network without actively interacting with it. These devices fulfill the company's requirement by providing monitoring capabilities without adding latency or becoming a point of failure, as they don't sit in-line with the live data stream.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a passive intrusion detection system (IDS)?
Open an interactive chat with Bash
How does a mirrored copy of network traffic work?
Open an interactive chat with Bash
What is the difference between a passive IDS and an active IPS?