Exam N10-008 topic 1 question 316 discussion

I do think A is the best out of the options...feel free to correct me if I'm wrong. Mike Meyers "EXAM TIP   Port mirroring isn’t the only way to duplicate network traffic for monitoring and troubleshooting. You can also use a standalone network tap. (Some sources use TAP as an acronym for Traffic Access Port or Test Access Port.) These multi-port hardware devices literally copy 100% of the bits that they see—even errors—and send them out separate ports for monitoring. You’ll see them in scenarios that require non-obtrusive data collection." Some advantages of a tap over a mirrored port are that the tap will perform better under high load and won’t require you to give up scarce switch ports. Plus, they’re invisible to detection, because they have no MAC address or IP address." "An IDS is out-of-band and simply gets copies of network traffic. It can be as simple as a system getting copies of traffic to inspect, through a switch configured to send all traffic to the IDS. Since the IDS is out-of-band, it doesn’t add latency."

To ensure all traffic entering and leaving the router interface is available for the IDS, the network administrator should: A. Install a network tap for the IDS. A network tap is a physical device that can be installed on a network link to passively copy traffic to another device, such as an IDS. It allows the IDS to monitor all traffic on the network segment without introducing any additional points of failure or latency.

Net Tap = Used to create a physical connection to the network that will send packets to a monitoring device for capture & analysis. nmap = A net tapping/foot printing tool, or reconnaissance tool.

GPT picks (B). Here is why: (A) Installing a network tap for the IDS: Network taps are physical devices used to capture network traffic. While they are effective for monitoring traffic, they are not typically configured directly by network administrators on routers. They are usually installed on network segments. (B) Configuring ACLs to route traffic to the IDS: This is the correct approach. Access Control Lists can be configured on the router to redirect a copy of network traffic to the IDS for analysis without interrupting the regular network traffic flow. (C) Installing an additional NIC into the IDS: Adding another NIC (Network Interface Card) to the IDS could be part of the solution, but it's not sufficient on its own. ACLs or routing rules are typically needed to direct the traffic to the additional NIC. (D) Installing a loopback adapter for the IDS: A loopback adapter is a virtual network interface used for internal network testing but is not suitable for capturing external network traffic."

The BEST option for the network administrator to ensure all traffic entering and leaving the router interface is available for the IDS is option A, install a network tap for the IDS. A network tap is a hardware device that provides a way to monitor network traffic by capturing packets as they pass through a specific point on the network. It copies all traffic passing through the router interface, which makes it an ideal solution for capturing all traffic and sending it to the IDS.

A. The network administrator should install a network tap for the IDS