CompTIA Network+ (N10-008) — Question 630

A network administrator for a small office is adding a passive IDS to its network switch for the purpose of inspecting network traffic. Which of the following should the administrator use?

Answer options

• A. SNMP trap
• B. Port mirroring
• C. Syslog collection
• D. API integration

Correct answer: B

Explanation

The correct answer is B, Port mirroring, as it allows the IDS to receive a copy of the traffic passing through the switch without interfering with it. Options A, C, and D do not provide the necessary traffic visibility needed for a passive IDS to effectively monitor and analyze network activity.