Exam CNX-001 topic 1 question 57 discussion

Actual exam question from CompTIA's CNX-001
Question #: 57
Topic #: 1

A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update repository 10.10.10.139 using HTTPS. During the patch windows, the IDS cannot handle the extra load and drops a significant number of packets. Which of the following would allow a network engineer to prevent this issue without compromising the network visibility?

  • A. Configuring the IDS to ignore traffic from 10.10.10.139
  • B. Using PF_RING offload to filter out "host 10.10.10.139 and port 443"
  • C. Adding a "dst host 10.10.10.139" BPF on the tap
  • D. Scheduling a cron job to stop the IDS service during the patch window
Suggested Answer: C

Comments

SuntzuLegacy
4 weeks ago
Selected Answer: B
A PF_RING offload‐based filter (option B) is the usual solution in high‐throughput environments. It effectively removes the “known good” bulk traffic (the patch downloads from 10.10.10.139 on port 443) before it ever reaches the IDS engine. This prevents overloading the IDS without having to shut it down entirely or lose visibility on other network traffic. By contrast, merely adding a BPF filter that includes traffic to 10.10.10.139 or having the IDS itself ignore that traffic would not actually reduce its load in the same way.
upvoted 1 times