300-320 · Question #451
300-320 Question #451: Real Exam Question with Answer & Explanation
The correct answer is A: Place the management interface on a separate VLAN. IPS best practice dictates that the management interface must be placed on a separate, dedicated management VLAN or network, completely isolated from the traffic being monitored. This separation ensures that if the inspected network is compromised, attackers cannot reach or inter
Question
Options
- APlace the management interface on a separate VLAN
- BPlace all sensors on PVLAN community ports
- CPlace the management interface on the same VLAN
- DPlace the monitoring interface on the inside network
Explanation
IPS best practice dictates that the management interface must be placed on a separate, dedicated management VLAN or network, completely isolated from the traffic being monitored. This separation ensures that if the inspected network is compromised, attackers cannot reach or interfere with IPS management. It also keeps management traffic from influencing inspection. Placing sensors on PVLAN community ports or on the same VLAN as monitored traffic violates this security separation principle. The monitoring interface is typically placed inline or in promiscuous mode on the network being inspected, but management remains separate.
Community Discussion
No community discussion yet for this question.