210-255 · Question #187
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?
The correct answer is D. IPFIX. IPFIX (IP Flow Information Export) is the IETF-standardized protocol for exporting flow record data, making it the correct answer for an IETF standard that records session flows for security incident detection and analysis.
Question
Which IETF standard technology is useful to detect and analyze a potential security incident by recording session flows that occurs between hosts?
Options
- ASFlow
- BNetFlow
- CNFlow
- DIPFIX
How the community answered
(36 responses)- A3% (1)
- B8% (3)
- C3% (1)
- D86% (31)
Why each option
IPFIX (IP Flow Information Export) is the IETF-standardized protocol for exporting flow record data, making it the correct answer for an IETF standard that records session flows for security incident detection and analysis.
sFlow is an industry standard developed by InMon Corporation for traffic sampling and monitoring, but it is not an IETF-standardized protocol for flow export.
NetFlow is Cisco's proprietary flow export protocol and the predecessor to IPFIX - it is not an IETF standard, though IPFIX was developed based on NetFlow v9.
NFlow is not a recognized or standardized network flow protocol - it does not exist as a defined IETF or industry standard.
IPFIX is defined by IETF RFC 7011 as the standardized protocol for exporting IP flow information from network devices to a collector. Because it captures session-level metadata (source/destination IP, ports, protocol, byte counts, timestamps), security analysts can use IPFIX records to reconstruct network conversations, detect anomalies, and investigate the scope of a security incident across hosts.
Concept tested: IPFIX as the IETF standard for network flow export
Source: https://datatracker.ietf.org/doc/html/rfc7011
Topics
Community Discussion
No community discussion yet for this question.