CNX-001 Question #93: Real Exam Question with Answer & Explanation
The correct answer is C: Adding a "dst host 10.10.10.139" BPF on the tap.
Question
A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update repository 10.10.10.139 using HTTPS. During the patch windows, the IDS cannot handle the extra load and drops a significant number of packets. Which of the following would allow a network engineer to prevent this issue without compromising the network visibility?
Options
- A. Configuring the IDS to ignore traffic from 10.10.10.139
- B. Using PF_RING offload to filter out "host 10.10.10.139 and port 443"
- C. Adding a "dst host 10.10.10.139" BPF on the tap
- D. Scheduling a cron job to stop the IDS service during the patch window
Explanation
By applying a Berkeley Packet Filter to drop only the HTTPS patch-repo traffic before it reaches the IDS, you relieve the processing burden during patch windows while preserving full visibility for all other flows. This avoids reconfiguring the IDS itself or losing visibility across the rest of the