CompTIA Network+ (N10-009) — Question 378

A network administrator received reports that a 40Gb connection is saturated. The only server the administrator can use for data collection in that location has a 10Gb connection to the network. Which of the following is the best method to use on the server to determine the source of the saturation?

Answer options

• A. Port mirroring
• B. Log aggregation
• C. Flow data
• D. Packet capture

Correct answer: C

Explanation

Using Flow data is the best approach in this scenario because it allows the administrator to analyze traffic patterns without needing to capture all packets, which would be limited by the 10Gb connection. Port mirroring and packet capture would not be ideal due to the bandwidth limitations, and log aggregation does not provide the necessary real-time traffic analysis to pinpoint saturation sources.