An engineer is monitoring network traffic from their sales and product development departments, which are on two separate networks.
What must be configured in order to maintain data privacy for both departments?
A. B. C. D.D.
https://www.cisco.com/c/en/us/td/docs/security/firepower/640/configuration/guide/fpmc-config-guide-v64/

The scenario in the question involves two separate networks, one belonging to the sales department and the other to the product development department. The requirement is to maintain data privacy for both departments while monitoring their network traffic.
Answer A suggests using passive IDS ports for both departments. Passive IDS (Intrusion Detection System) refers to a system that monitors network traffic passively without interfering with it. However, this approach does not provide any means to ensure data privacy between the two departments, as the same monitoring system would be used for both networks. Therefore, Answer A is not a suitable solution for the scenario.
Answer B suggests using a dedicated IPS (Intrusion Prevention System) inline set for each department to maintain traffic separation. An IPS is a security appliance that actively monitors and prevents malicious traffic from entering the network. Using a dedicated IPS for each department would ensure that traffic from one department is not mixed with traffic from the other department, thus maintaining data privacy between the two networks. This is a valid solution for the scenario.
Answer C suggests using 802.1Q inline set Trunk interfaces with VLANs to maintain logical traffic separation. This involves creating separate VLANs for each department and configuring trunk interfaces to carry traffic from both VLANs. This solution can also maintain traffic separation between the two departments. However, VLANs can be vulnerable to VLAN hopping attacks, which can compromise the data privacy of the networks. Therefore, additional security measures may be required to ensure the integrity of the VLANs.
Answer D suggests using one pair of inline set in TAP mode for both departments. TAP (Test Access Point) mode refers to a mode of operation in which traffic is copied and sent to a monitoring device without interfering with the original traffic. However, using a single inline set pair for both departments would mix the traffic from both departments, thus compromising data privacy. Therefore, Answer D is not a suitable solution for the scenario.
In conclusion, the most suitable solution for maintaining data privacy between the sales and product development departments while monitoring their network traffic is to use a dedicated IPS inline set for each department to maintain traffic separation, as suggested in Answer B.