Cisco Certified Internetwork Expert (CCIE) Practice Test

Which statement is true regarding Botnet traffic Filter snooping?

• A. It can log and block connections from previously unknown domains
• B. It inspects both inbound and outbound traffic
• C. It checks only inbound traffic
• D. It requires a specific type of DNS server for log inquiries

The correct answer is: It inspects both inbound and outbound traffic

The correct answer highlights that Botnet traffic Filter snooping inspects both inbound and outbound traffic. This is crucial because effective network security necessitates examining traffic in both directions to identify and mitigate potential threats. By monitoring incoming traffic, the system can detect malicious communications attempted by external sources to compromise devices on the network. Simultaneously, inspecting outbound traffic ensures that any compromised devices attempting to communicate with command-and-control servers or exfiltrate data can be identified and blocked. In contrast, the other options present limitations in their scope. While logging and blocking connections from previously unknown domains may sound useful, without comprehensive traffic inspection, unknown domains could still be bypassing security mechanisms. Similarly, focusing solely on inbound traffic ignores any threats that may originate from within the network or involve outbound communications, leading to an incomplete security posture. Lastly, the requirement for a specific type of DNS server for log inquiries does not accurately reflect the universal applicability of the Botnet traffic Filter, which can operate independently of specific DNS configurations. This thorough inspection capability of both incoming and outgoing traffic is essential for robust network defense against botnets and associated threats.