A security administrator needs to deploy a network security device that will analyze and potentially block malicious traffic without being bypassed if it fails. Which deployment option aligns best with this requirement?
Set up the device as a network tap to passively monitor traffic.
Use port mirroring to duplicate traffic to the device.
Deploy the device in inline mode with fail-closed configuration.
Implement the device as an external monitor that gets copied traffic from a network switch.
An inline device is deployed directly on the network path, so all traffic must pass through it. This is ideal for scenarios where both traffic analysis and blocking of potential threats are necessary. Furthermore, since the device must not be bypassed even if it fails, an inline device must be used instead of a tap or monitor mode, both of which allow traffic to bypass the device if it fails or is not active.