NetFlow is a Cisco IOS technology that provides statistics on TCP/IP flows on the network. Some of the capabilities of NetFlow include the following: network and security monitoring, network planning, traffic analysis, identification of network bottlenecks, and IP accounting for billing purposes.
3. Which network technology uses a passive splitting device that forwards all traffic, including Layer 1 errors, to an analysis device?
A network tap is a common technology that is used to capture traffic for monitoring the network. The tap is typically a passive splitting device that is implemented inline on the network and forwards all traffic, including physical layer errors, to an analysis device.
4. Which network monitoring tool can provide a complete audit trail of basic information of all IP flows on a Cisco router and forward the data to a device?
SIEM provides real-time reporting and analysis of security events. SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies.
8. Which SIEM function is associated with examining the logs and events of multiple systems to reduce the amount of time needed to detect and react to security events?
SIEM provides administrators with details on sources of suspicious activity such as user information, device location, and compliance with security policies. One of the essential functions of SIEM is the correlation of logs and events from different systems in order to speed up detection of and reaction to security events.
9. Which network monitoring capability is provided by using SPAN?
A. Real-time reporting and long-term analysis of security events are enabled.
B. Traffic exiting and entering a switch is copied to a network monitoring device.
C. Statistics on packets flowing through Cisco routers and multilayer switches can be captured.
D. Network analysts are able to access network device log files and to monitor network behavior.
When enabled on a switch, SPAN, or port mirroring, copies frames that are sent and received by the switch and forwards them to another port, known as a Switch Port Analyzer port, which has an analysis device attached.
10. Which network tool uses artificial intelligence to detect incidents and aid in incident analysis and
SOAR works with SIEM systems: the SIEM detects malicious activity, and SOAR helps to respond to the threat. SOAR has many functions and benefits, including these abilities:
- The use of predefined playbooks to enable automatic response to specific threats
- The use of artificial intelligence to detect incidents and aid in incident analysis and response
11. Which network monitoring tool allows an administrator to capture real-time network traffic and analyze the entire contents of packets?