200-201 Question #550: Real Exam Question with Answer & Explanation
The correct answer is B: NetFlow.
Question
An analyst must choose one source of information for further troubleshooting. One key requirement is to use low storage space over the next 12 months and quickly determine the source and scope of an attack to effectively mitigate it. Which source of information must the analyst choose?
Options
- A. span port
- B. NetFlow
- C. .pcap file
- D. traffic mirroring
Explanation
NetFlow provides compact, metadata-based flow records that summarize who communicated with whom, when, for how long, and how much data was transferred. This uses far less storage than full packet captures while still enabling rapid scoping and source identification for incident response over long retention periods.