352-001 · Question #321
Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)
The correct answer is A. Solution should be resistant to sensor failure. C. Solution should not impact jitter and latency for voice traffic. D. Solution should allow for signature-based pattern matching.. An IDS sensor in promiscuous mode receives out-of-band copies of traffic via SPAN or TAP, making it ideal when the design requires no traffic path impact, fault tolerance, and passive signature-based detection.
Question
Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)
Options
- ASolution should be resistant to sensor failure.
- BSolution should allow for stream normalization.
- CSolution should not impact jitter and latency for voice traffic.
- DSolution should allow for signature-based pattern matching.
- ESolution should allow to deny packets inline.
How the community answered
(25 responses)- A72% (18)
- B12% (3)
- E16% (4)
Why each option
An IDS sensor in promiscuous mode receives out-of-band copies of traffic via SPAN or TAP, making it ideal when the design requires no traffic path impact, fault tolerance, and passive signature-based detection.
Because the promiscuous sensor is not inline and only receives mirrored copies of traffic, a sensor failure does not disrupt network connectivity - the network continues to forward traffic unaffected by sensor outages.
Stream normalization requires the sensor to hold, reorder, and reassemble actual packets before forwarding them to defeat evasion techniques, which is only possible when the sensor operates inline in IPS mode with access to the live packet stream.
Promiscuous mode places the sensor entirely outside the forwarding path so it adds zero latency or jitter to live traffic, which is critical for real-time voice applications that are sensitive to any forwarding delay.
An IDS in promiscuous mode can inspect full packet copies and apply deep signature-based pattern matching against known attack patterns, fulfilling the core IDS detection function without affecting original traffic flow.
Blocking or denying packets requires the sensor to be inline in the traffic path where it can intercept and drop packets before delivery; a promiscuous sensor only receives copies and has no ability to prevent the original packet from reaching its destination.
Concept tested: IDS promiscuous mode deployment benefits and limitations
Source: https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmguide7/idm_interfaces.html
Topics
Community Discussion
No community discussion yet for this question.