PrepAway - Latest Free Exam Questions & Answers

Which of the following represents the BEST approach to gathering the required data?

A security technician wishes to gather and analyze all Web traffic during a particular time period.
Which of the following represents the BEST approach to gathering the required data?


A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443.

B. Configure a proxy server to log all traffic destined for ports 80 and 443.

C. Configure a switch to log all traffic destined for ports 80 and 443.

D. Configure a NIDS to log all traffic destined for ports 80 and 443.

Explanation:
A proxy server is, in essence, a device that acts on behalf of others. In security terms, all internal user
interaction with the Internet should be controlled through a proxy server. This makes a proxy server the
best tool to gather the required data.
Incorrect Answers:
A: The VPN concentrator creates an encrypted tunnel session between hosts, and many use two-factor
authentication for additional security. A proxy server would still be the best tool to gather the required
information.
C: A switch can provide a monitoring port for troubleshooting and diagnostic purposes, in addition to the
virtual circuit that it can create between systems in a network. This helps to reduce network traffic,
but a proxy server would be a better tool to gather the required data.
D: A network-based IDS (NIDS) attaches the system to a point in the network where it can
monitor and report on all network traffic. However, a proxy server would be the best tool to gather the
required data.

Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 105, 111

