GIAC Exam GCED Topic 8 Question 68 Discussion

Actual exam question for GIAC's GCED exam

Question #: 68
Topic #: 8

[All GCED Questions]

Throughout the week following a new IPS deployment, nearly every user on the protected subnet submits helpdesk tickets regarding network performance and not being able to access several critical resources. What is the most likely reason for the performance issues?

AThe incoming traffic is overflowing the device's TAP buffer

BThe in-line TAP experienced a hardware failure

CThe IPS sensor was changed from test mode to production mode

DThe IPS sensor was powered off or moved out of band

Show Suggested Answer

Suggested Answer: A

When deploying an IPS, you should carefully monitor and tune your systems and be aware of the risks involved. You should also have an in-depth understanding of your network, its traffic, and both its normal and abnormal characteristics. It is always recommended to run IPS and active response technologies in test mode for a while to thoroughly understand their behavior.

If the IPS had been previously powered off the performance issues would have impacted all network traffic, not just critical resources, and the issue would have begun on day 1 of deployment.

A hardware failure of the TAP would bring connectivity to a stop, not just impact users access to critical resources.

If the IPS and/or TAP cannot keep up with traffic, the user's issues would have been more sporadic, rather than focused on a sudden loss to critical resources.

by Charisse at Aug 16, 2025, 12:01 AM

Limited Time Offer

25%

Off

Get Premium GCED Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!