The best answer is "C. NetFlow."
NetFlow is a protocol developed by Cisco for collecting IP traffic information as it enters or exits an interface of a router or switch. It provides detailed information about traffic flows, including the source and destination IP addresses, ports, protocols, and the amount of data transferred.
NetFlow data is a compact format that summarizes the network traffic data and is therefore an efficient way to build a baseline of traffic seen over an extended period of time. It can help detect patterns of network traffic that may be indicative of security threats or other abnormal activity.
In contrast, full packet capture and firewall event logs can provide more detailed information about network traffic but can be less efficient in terms of storage and processing requirements. Syslog messages can also provide valuable information, but may not provide the level of detail needed for building a baseline of traffic over an extended period of time.
NetFlow is a feature that provides network traffic information for network analysis, monitoring, and security. It is a protocol used to collect and record information about IP network traffic flows, including source and destination IP addresses, source and destination ports, protocol types, and other relevant information. NetFlow data can be stored and analyzed over time to gain insights into network usage and identify changes in traffic patterns.
Compared to full packet capture, which captures all packets in their entirety and can quickly become very large, NetFlow data is more compact and summarizes network traffic data.
NetFlow
- It is a protocol developed by Cisco that is used to collect and record all IP traffic going to and from a Cisco router or switch that is NetFlow-enabled.
- Keyword is "most efficient".
B, because the official book says: the details provided by capturing packets are necessary for establishing baselines as well as security requirements and therefore is the best approach versus what limited data NetFlow can provide. Throughput-546-Omar Santos.
alhamry (7 months, 2 weeks ago)
drdecker100 (10 months, 1 week ago)
MartinRB (10 months, 1 week ago)
SecurityGuy (11 months ago)
hansamaru (1 year, 1 month ago)
cy_analyst (1 year, 2 months ago)
Eng_ahmedyoussef (1 year, 2 months ago)
halamah (2 years, 1 month ago)
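
An added illustration, not written by any commenter in this thread: how the flow fields mentioned above (addresses, ports, protocol, byte counts) can be rolled up into an hourly baseline and then used to check a new day's traffic. The flow tuples, addresses, function names and the `k` and `min_sigma` thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic), one tuple per exported flow:
# (day, hour, src_ip, dst_ip, dst_port, proto, bytes)
def make_history(days=7):
    flows = []
    for day in range(days):
        for hour in range(24):
            web = (900_000 if 9 <= hour < 17 else 100_000) + day * 1_000
            flows.append((day, hour, "10.0.0.5", "10.0.1.20", 443, "tcp", web))
            flows.append((day, hour, "10.0.0.7", "10.0.1.53", 53, "udp", 20_000 + day * 100))
    return flows

def build_baseline(flows):
    """Return {(hour, port, proto): (mean_bytes, stddev_bytes)} across days."""
    per_day = defaultdict(int)
    for day, hour, _src, _dst, port, proto, nbytes in flows:
        per_day[(day, hour, port, proto)] += nbytes
    samples = defaultdict(list)
    for (_day, hour, port, proto), total in per_day.items():
        samples[(hour, port, proto)].append(total)
    return {key: (mean(vals), pstdev(vals)) for key, vals in samples.items()}

def find_anomalies(baseline, flows, k=3.0, min_sigma=1_000.0):
    """Compare one day's flows to the baseline; k and min_sigma are assumed thresholds."""
    totals = defaultdict(int)
    for _day, hour, _src, _dst, port, proto, nbytes in flows:
        totals[(hour, port, proto)] += nbytes
    findings = []
    for key, total in sorted(totals.items()):
        if key not in baseline:
            findings.append((key, total, "no baseline"))  # service never seen before
            continue
        mu, sigma = baseline[key]
        if abs(total - mu) > k * max(sigma, min_sigma):
            findings.append((key, total, "volume deviation"))
    return findings

if __name__ == "__main__":
    baseline = build_baseline(make_history())
    today = [  # constructed: normal HTTPS, oversized DNS volume, a new port
        (7, 3, "10.0.0.5", "10.0.1.20", 443, "tcp", 104_000),
        (7, 3, "10.0.0.7", "10.0.1.53", 53, "udp", 5_000_000),
        (7, 3, "10.0.0.9", "10.0.1.30", 8443, "tcp", 50_000),
    ]
    for finding in find_anomalies(baseline, today):
        print(finding)
```

A week of history here reduces to 48 baseline entries (24 hours times two services), regardless of how many packets each flow carried.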