300-730 Question #173: Real Exam Question with Answer & Explanation
The correct answer is C: promiscuous.
Secure Communications Architectures
Question
A network administrator is deploying a Cisco IPS appliance and needs it to operate initially without affecting traffic flows. It must also collect data to provide a baseline of unwanted traffic before being reconfigured to drop it. Which Cisco IPS mode meets these requirements?
Options
- A. failsafe
- B. inline tap
- C. promiscuous
- D. bypass
Explanation
Promiscuous mode allows the Cisco IPS to passively monitor a copy of traffic out-of-band without blocking, making it ideal for baseline collection before switching to an inline blocking configuration.
Common mistakes.
- A. Failsafe is a failure behavior that determines whether traffic is allowed or blocked when the IPS device becomes unavailable - it is not a passive monitoring mode for baselining.
- B. Inline tap mode places the appliance physically inline in the traffic path and receives a copy for analysis, introducing a potential forwarding dependency that conflicts with the requirement to initially not affect traffic flows.
- D. Bypass mode allows traffic to pass through an inline IPS without inspection during maintenance or overload conditions - it is not a dedicated passive monitoring mode for collecting traffic baselines.
Concept tested. Cisco IPS promiscuous mode passive traffic monitoring
Reference. https://www.cisco.com/c/en/us/td/docs/security/ips/6-2/configuration/guide/IMC/imcug/IMCsensors.html
Topics
#IPS #promiscuous mode #inline tap #traffic inspection