CompTIA DataX (CNX-001) — Question 65
An organization wants to evaluate network behavior with a network monitoring tool that is not inline. The organization will use the logs for further correlation and analysis of potential threats. Which of the following is the best solution?
Answer options
- A. Syslog to a common dashboard used in the NOC
- B. SNMP trap with log analytics
- C. SSL decryption of network packets with preconfigured alerts
- D. NetFlow to feed into the SIEM
Correct answer: D
Explanation
The correct answer is D because NetFlow records are exported passively from existing routers and switches, so they do not require an inline device, and they provide the per-flow detail (source, destination, ports, protocol, volume, timing) that a SIEM needs to correlate traffic against other log sources and detect potential threats. Option A, while useful, sends syslog to a dashboard for viewing rather than to a platform built for correlation and analysis. Option B relies on SNMP traps, which report device events and thresholds rather than comprehensive traffic data. Option C, SSL decryption of network packets, is not necessary for basic evaluation of network behavior and does not fit a monitoring approach that is not inline.