nerdexam
GIAC

GCED · Question #20

GCED Question #20: Real Exam Question with Answer & Explanation

The correct answer is A. The incoming traffic is overflowing the device's TAP buffer. When deploying an IPS, you should carefully monitor and tune your systems and be aware of the risks involved. You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics. It is always recommended to run IPS and act

Question

Throughout the week following a new IPS deployment, nearly every user on the protected subnet submits helpdesk tickets regarding network performance and not being able to access several critical resources. What is the most likely reason for the performance issues?

Options

  • AThe incoming traffic is overflowing the device's TAP buffer
  • BThe in-line TAP experienced a hardware failure
  • CThe IPS sensor was changed from test mode to production mode
  • DThe IPS sensor was powered off or moved out of band

Explanation

When deploying an IPS, you should carefully monitor and tune your systems and be aware of the risks involved. You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics. It is always recommended to run IPS and active response technologies in test mode for a while to thoroughly understand their behavior. If the IPS had been previously powered off the performance issues would have impacted all network traffic, not just critical resources, and the issue would have begun on day 1 of deployment. A hardware failure of the TAP would bring connectivity to a stop, not just impact users access to critical If the IPS and/or TAP cannot keep up with traffic, the user's issues would have been more sporadic, rather than focused on a sudden loss to critical resources.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCED Practice