nerdexam
(ISC)2

CISSP · Question #540

Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

The correct answer is C. Inline. For an IPS to actively block or prevent malicious traffic, sensors must be deployed inline so that all traffic physically passes through the device, enabling real-time prevention actions.

Submitted by amina.ke· Mar 5, 2026Communication and Network Security

Question

Which is the RECOMMENDED configuration mode for sensors for an intrusion prevention system (IPS) if the prevention capabilities will be used?

Options

  • AActive
  • BPassive
  • CInline
  • DSpan

How the community answered

(34 responses)
  • B
    3% (1)
  • C
    91% (31)
  • D
    6% (2)

Why each option

For an IPS to actively block or prevent malicious traffic, sensors must be deployed inline so that all traffic physically passes through the device, enabling real-time prevention actions.

AActive

Active is not a standard IPS sensor deployment mode terminology; it does not describe a physical or logical network placement configuration for IPS sensors.

BPassive

Passive mode means the sensor receives a copy of traffic (typically via a SPAN port or tap) and can only detect and alert on threats without the ability to block or drop packets, making it suitable for IDS but not IPS prevention.

CInlineCorrect

Inline mode places the IPS sensor directly in the path of network traffic, meaning all packets must traverse the sensor before reaching their destination. This deployment model is required for prevention capabilities because the sensor can drop, block, or modify malicious packets in real time before they reach the target, which is the defining characteristic of an IPS versus an IDS.

DSpan

SPAN (Switched Port Analyzer) is a method of feeding a copy of traffic to a sensor for monitoring purposes, which like passive mode only allows detection and alerting, not active prevention or packet blocking.

Concept tested: IPS sensor inline deployment mode for prevention

Source: https://www.cisco.com/c/en/us/td/docs/security/ips/7-0/configuration/guide/idm/idmguide7/idm_interfaces.html

Topics

#IPS#intrusion prevention#network security#inline mode

Community Discussion

No community discussion yet for this question.

Full CISSP Practice