CompTIA Security+ (SY0-501) — Question 499
A security analyst is interested in setting up an IDS to monitor the company network. The analyst has been told there can be no network downtime to implement the solution, but the IDS must capture all of the network traffic. Which of the following should be used for the IDS implementation?
Answer options
- A. Network tap
- B. Honeypot
- C. Aggregation
- D. Port mirror
Correct answer: A
Explanation
A network tap allows network traffic to be monitored without interrupting its flow, making it ideal for zero-downtime scenarios. A honeypot is used for deception and does not monitor live traffic. Aggregation collects data but may not capture all traffic accurately. A port mirror can introduce some overhead and potential downtime, making it less suitable for this requirement.