CNX-001 Question #37: Real Exam Question with Answer & Explanation
The correct answer is D: NetFlow to feed into the SIEM.
Question
An organization wants to evaluate network behavior with a network monitoring tool that is not inline. The organization will use the logs for further correlation and analysis of potential threats. Which of the following is the best solution?
Options
- A. Syslog to a common dashboard used in the NOC
- B. SNMP trap with log analytics
- C. SSL decryption of network packets with preconfigured alerts
- D. NetFlow to feed into the SIEM
Explanation
NetFlow provides detailed, flow-level metadata (source/destination IPs, ports, protocols, byte counts, timestamps) without sitting inline. By exporting these records into your SIEM, you gain centralized logging and can correlate network behaviors with other security events for threat detection and analysis.