NETSEC-GENERALIST Question #41: Real Exam Question with Answer & Explanation
The correct answer is D: Firewall outside DHCP path.
Question
Which network design for Internet of Things (IoT) Security allows traffic mirroring from the switch to a TAP interface on the firewall to monitor traffic not otherwise seen?
Options
- A. DHCP server on firewall
- B. Firewall as DHCP relay
- C. Firewall in DHCP path
- D. Firewall outside DHCP path
Explanation
To monitor traffic for Internet of Things (IoT) devices that may not otherwise be visible, the network design should place the firewall outside the DHCP path and use traffic mirroring from the switch to a TAP (Test Access Point) interface on the firewall.
- Traffic Mirroring: Switches mirror the traffic to the firewall's TAP interface, enabling the firewall to inspect the traffic without directly interfering with the device communication.
- IoT Monitoring: Many IoT devices use lightweight communication protocols or non-standard methods, making direct interception difficult. Traffic mirroring allows passive monitoring for behavioral analysis, anomaly detection, and threat prevention.
- Firewall Placement: Keeping the firewall outside the DHCP path ensures that monitoring does not disrupt IoT device communications while still providing visibility into their network activity.