CompTIA Network+ (N10-008) — Question 671

A network security engineer is investigating a potentially malicious insider on the network. The network security engineer would like to view all traffic coming from the user's PC to the switch without interrupting any traffic or having any downtime. Which of the following should the network security engineer do?

Answer options

• A. Turn on port security.
• B. Implement dynamic ARP inspection.
• C. Configure 802.1Q.
• D. Enable port mirroring.

Correct answer: D

Explanation

The correct answer is D, enabling port mirroring, which allows the engineer to capture and analyze traffic without affecting the flow of data. Options A and B do not provide the capability to monitor traffic, while option C relates to VLAN tagging, which does not assist in monitoring the specific user's traffic.