KT-NET Traffic inspection

SOC needs visibility into TLS 1.3 east-west traffic. Practical approach?

Multiple choice — select one answer

Answer choices

  1. a. Trust all self-signed certs users install, without security or identity team coordination per policy.
  2. b. Stop logging to save disk, without security or identity team coordination per policy.
  3. c. Disable TLS 1.3 globally, using shared credentials instead of individual accountability.
  4. d. East-west metadata (SNI, JA3), EDR network events, and segmented mirror taps where allowed

Architectural breakdown & explanation

Full decrypt is not always possible; metadata and EDR supplement inspection.

Correct answer(s): d. East-west metadata (SNI, JA3), EDR network events, and segmented mirror taps where allowed

Exam domain: Traffic inspection (16% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Network Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.