Cisco

352-001 Question #321: Real Exam Question with Answer & Explanation

The correct answer is A: Solution should be resistant to sensor failure.

Question

Which three reasons to deploy an IDS sensor in promiscuous mode when you design a security solution are true? (Choose three.)

Options

  • A. Solution should be resistant to sensor failure.
  • B. Solution should allow for stream normalization.
  • C. Solution should not impact jitter and latency for voice traffic.
  • D. Solution should allow for signature-based pattern matching.
  • E. Solution should allow to deny packets inline.

Explanation

An IDS sensor in promiscuous mode receives out-of-band copies of traffic via SPAN or TAP, making it ideal when the design requires no traffic path impact, fault tolerance, and passive signature-based detection.

Common mistakes.

  • B. Stream normalization requires the sensor to hold, reorder, and reassemble actual packets before forwarding them to defeat evasion techniques, which is only possible when the sensor operates inline in IPS mode with access to the live packet stream.
  • E. Blocking or denying packets requires the sensor to be inline in the traffic path where it can intercept and drop packets before delivery; a promiscuous sensor only receives copies and has no ability to prevent the original packet from reaching its destination.

Concept tested. IDS promiscuous mode deployment benefits and limitations

Reference. https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmguide7/idm_interfaces.html
