A company hosting multiple database servers behind a firewall wants to monitor suspicious traffic crossing into a protected subnet while limiting disruption to normal operations. Which placement of intrusion detection technology is the most effective solution?
Use a tap at the trunk link that aggregates inbound and outbound subnet traffic
Configure monitoring on each database host interface
Implement monitoring devices within the desktop environment
Activate detection in front of the public web server
Placing a tap at the trunk link that aggregates inbound and outbound traffic for the subnet is the most effective solution. It allows thorough visibility into traffic without adding extra load on every host. Monitoring each host’s interface introduces management challenges and performance overhead. Deploying detection in front of a public web server misses potential lateral movements to the database subnet. Monitoring the desktop segment does not address traffic targeting the protected subnet. Therefore, capturing traffic at the core trunk link ensures broad insight into threats crossing that boundary while reducing complexity for administrators.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a trunk link in networking?
Open an interactive chat with Bash
How does an intrusion detection system (IDS) monitor traffic without disrupting normal operations?
Open an interactive chat with Bash
Why is monitoring each database host interface a less effective solution?