300-320 · Question #106
300-320 Question #106: Real Exam Question with Answer & Explanation
The correct answer is D: An IDS reads traffic in promiscuous mode, and an IPS reads traffic in inline mode.. An IDS (Intrusion Detection System) operates in promiscuous mode: it receives a copy of network traffic (typically via a SPAN/mirror port) and analyzes it passively. Because traffic flows around it, an IDS can only alert - it cannot block an attack in progress. An IPS (Intrusion
Question
Options
- AIDS and IPS read traffic only in inline mode.
- BIDS and IPS read traffic only in promiscuous mode.
- CAn IDS reads traffic in inline mode, and an IPS reads traffic in promiscuous mode.
- DAn IDS reads traffic in promiscuous mode, and an IPS reads traffic in inline mode.
Explanation
An IDS (Intrusion Detection System) operates in promiscuous mode: it receives a copy of network traffic (typically via a SPAN/mirror port) and analyzes it passively. Because traffic flows around it, an IDS can only alert - it cannot block an attack in progress. An IPS (Intrusion Prevention System) operates in inline mode: it sits directly in the network traffic path (like a firewall). All traffic must pass through it, allowing the IPS to actively drop or block malicious packets in real time before they reach the destination. Choices A and B incorrectly apply a single mode to both systems, and choice C has the modes reversed.
Community Discussion
No community discussion yet for this question.