CNX-001 · Question #93
A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update re
Sign in or unlock CNX-001 to reveal the answer and full explanation for question #93. The question stem and answer options stay visible for context.
Question
A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update repository 10.10.10.139 using HTTPS. During the patch windows, the IDS cannot handle the extra load and drops a significant number of packets. Which of the following would allow a network engineer to prevent this issue without compromising the network visibility?
Options
- AConfiguring the IDS to ignore traffic from 10.10.10.139
- BUsing PF_RING offload to filter out "host 10.10.10.139 and port 443"
- CAdding a "dst host 10.10.10.139" BPF on the tap
- DScheduling a cron job to stop the IDS service during the patch window
Unlock CNX-001 to see the answer
You've previewed enough free CNX-001 questions. Unlock CNX-001 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.