CS0-003 Question #145: Real Exam Question with Answer & Explanation

Question

A company wants to configure the environment to allow passive network monitoring. To avoid disrupting the sensitive network, which of the following must be supported by the scanner's NIC to assist with the company's request?

Options

• APort bridging
• BTunnel all mode
• CFull-duplex mode
• DPort mirroring
• EPromiscuous mode

Explanation

To enable passive network monitoring without disrupting a sensitive network, the network infrastructure must support port mirroring to send a copy of network traffic to the scanner.

Common mistakes.

• A. Port bridging connects two network segments at the data link layer, which is not primarily used for passive, non-disruptive monitoring of existing network traffic.
• B. Tunnel all mode is typically a VPN configuration where all network traffic is routed through an encrypted tunnel, which is unrelated to passive network monitoring.
• C. Full-duplex mode allows simultaneous two-way communication on a network link, which is a standard operational mode for NICs and does not directly facilitate passive monitoring of all traffic.
• E. Promiscuous mode allows a NIC to capture all traffic it receives, regardless of the destination MAC address, but it still requires the traffic to be delivered to the NIC first, typically via port mirroring or a network TAP, to monitor traffic not addressed to it on a switched network.

Concept tested. Passive network monitoring with port mirroring

Reference. https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_25_see/configuration/guide/scg/swspan.html

No community discussion yet for this question.