A network security administrator needs to monitor the contents of data sent between a secure network and the rest of the company. Which of the following monitoring methods will accomplish this task?
To monitor the contents of data (i.e., inspect the actual packets/frames and their payloads) moving between networks, the administrator should use port mirroring (also called SPAN on some platforms). Port mirroring copies traffic from one or more switch ports (or VLANs) to a designated monitoring port where a packet analyzer/IDS sensor can capture and inspect the traffic in detail. This aligns with Network+ (N10-009) security and monitoring concepts that distinguish between packet-level visibility and higher-level summaries or logs. If the requirement is explicitly to monitor “contents,” you need a method that provides full packet capture capability, not just metadata.
Flow data (e.g., NetFlow) provides summarized metadata—who talked to whom, how much, ports, and timestamps—but not full payload contents. Syslog entries are device/application-generated logs and only show events a device chooses to report; they don’t provide full data content visibility. SNMP traps are alerts about status changes (interfaces, thresholds, etc.) and similarly do not include traffic contents. Therefore, port mirroring is the correct monitoring method for inspecting data contents in transit.
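The difference between a mirrored packet and a flow summary, as an added example that is not part of the original explanation: the frame, addresses, and payload are constructed, and the flow dictionary is a simplification, not the NetFlow record format.

```python
import socket
import struct

# Constructed cleartext payload for illustration only.
SAMPLE_PAYLOAD = b"POST /payroll HTTP/1.1\r\nHost: hr.example\r\n\r\nemployee_id=1001"

def build_frame(payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/TCP frame, as a mirror port would deliver it."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # Checksums are left at 0; this parser does not validate them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"))
    return eth + ip + tcp + payload

def parse_frame(frame: bytes):
    """Return (flow_record, payload) for one mirrored IPv4/TCP frame."""
    if len(frame) < 14 + 20 + 20:
        raise ValueError("truncated frame")
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6 or ihl < 20 or not ihl + 20 <= total_len <= len(ip):
        raise ValueError("not a complete TCP segment")
    tcp = ip[ihl:total_len]          # total_len also trims Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    if not 20 <= data_off <= len(tcp):
        raise ValueError("bad TCP data offset")
    # Flow-style summary: endpoints, ports, protocol, volume. No payload field.
    flow = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "proto": 6, "bytes": total_len}
    return flow, tcp[data_off:]

if __name__ == "__main__":
    flow, payload = parse_frame(build_frame(SAMPLE_PAYLOAD))
    print("flow record   :", flow)
    print("mirrored bytes:", payload)
```

If the monitored traffic is TLS-protected, the mirrored payload is ciphertext, so the capture reveals contents only where the data is unencrypted on the mirrored segment.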