200-201 · Question #446
200-201 Question #446: Real Exam Question with Answer & Explanation
The correct answer is B: tap device. A tap device is a dedicated hardware tool that allows network traffic to be copied and sent to a monitoring device for analysis. It provides a reliable, passive capture of all traffic without affecting the performance of the network, introducing delays, or causing packet drops. I
Question
A security engineer must determine why a new core application does not work as desired. The client can send requests toward the application server but receives no response. One of the requirements is to gather all packets. Data needs to be reliable, without any delay or packet drops. Which solution best meets this need?
Options
- Adevice logs
- Btap device
- Cport mirroring
- Dspan port
Explanation
A tap device is a dedicated hardware tool that allows network traffic to be copied and sent to a monitoring device for analysis. It provides a reliable, passive capture of all traffic without affecting the performance of the network, introducing delays, or causing packet drops. It is the most accurate way to gather packets for analysis in scenarios where data integrity is critical, such as troubleshooting core application issues. Logs can provide useful information but do not capture actual packet-level data. They only provide insights into certain events and might not include every network packet, making them insufficient for packet-level analysis. While port mirroring is a common method used to capture traffic for monitoring, it can introduce packet drops or miss some traffic when the monitored port experiences high traffic volumes. It's not as reliable as a tap device for high-fidelity packet capture. Switch Port Analyzer (SPAN) function is the same as port mirroring.
Topics
Community Discussion
No community discussion yet for this question.