nerdexam
Cisco

210-255 · Question #187

Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?

The correct answer is D. IPFIX. IPFIX (IP Flow Information Export) is the IETF-standardized protocol for exporting flow record data, making it the correct answer for an IETF standard that records session flows for security incident detection and analysis.

Security Monitoring

Question

Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?

Options

  • ASFlow
  • BNetFlow
  • CNFlow
  • DIPFIX

How the community answered

(36 responses)
  • A
    3% (1)
  • B
    8% (3)
  • C
    3% (1)
  • D
    86% (31)

Why each option

IPFIX (IP Flow Information Export) is the IETF-standardized protocol for exporting flow record data, making it the correct answer for an IETF standard that records session flows for security incident detection and analysis.

ASFlow

sFlow is an industry standard developed by InMon Corporation for traffic sampling and monitoring, but it is not an IETF-standardized protocol for flow export.

BNetFlow

NetFlow is Cisco's proprietary flow export protocol and the predecessor to IPFIX - it is not an IETF standard, though IPFIX was developed based on NetFlow v9.

CNFlow

NFlow is not a recognized or standardized network flow protocol - it does not exist as a defined IETF or industry standard.

DIPFIXCorrect

IPFIX is defined by IETF RFC 7011 as the standardized protocol for exporting IP flow information from network devices to a collector. Because it captures session-level metadata (source/destination IP, ports, protocol, byte counts, timestamps), security analysts can use IPFIX records to reconstruct network conversations, detect anomalies, and investigate the scope of a security incident across hosts.

Concept tested: IPFIX as the IETF standard for network flow export

Source: https://datatracker.ietf.org/doc/html/rfc7011

Topics

#IPFIX#NetFlow#flow records#session monitoring

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice