CompTIA DataX (CNX-001) — Question 53
A company has a 40Gbps network that uses a network tap to inspect the traffic using an IDS. The IDS usually performs normally except when the servers are downloading patches from their local update repository 10.10.10.139 using HTTPS. During the patch windows, the IDS cannot handle the extra load and drops a significant number of packets. Which of the following would allow a network engineer to prevent this issue without compromising the network visibility?
Answer options
- A. Configuring the IDS to ignore traffic from 10.10.10.139
- B. Using PF_RING offload to filter out "host 10.10.10.139 and port 443"
- C. Adding a "dst host 10.10.10.139" BPF on the tap
- D. Scheduling a cron job to stop the IDS service during the patch window
Correct answer: C
Explanation
Option C is correct because adding a "dst host 10.10.10.139" BPF on the tap lets the IDS focus on the relevant traffic while still capturing the essential data. Option A would remove visibility into that server's traffic entirely, and option B may not filter the traffic as intended. Option D would cause a complete loss of network visibility during critical updates, which is not ideal.