An organization wants to evaluate network behavior with a network monitoring tool that is not inline. The organization will use the logs for further correlation and analysis of potential threats. Which of the following is the best solution?
A. Syslog to a common dashboard used in the NOC
B. SNMP trap with log analytics
C. SSL decryption of network packets with preconfigured alerts
Answer: D. NetFlow to feed into the SIEM
NetFlow (and other flow log technologies) provides IP traffic flow information without being inline. By sending these flow logs to a SIEM, the organization can perform in-depth correlation and analysis of network behavior, identifying anomalies or potential threats while leaving the production traffic path unaffected.
SuntzuLegacy
1 month, 1 week ago