An NOC technician observes that the average latency on a critical WAN link has risen sharply. To determine which applications are consuming the most bandwidth and contributing to the latency, which tool should the technician use?
Correct. NetFlow captures traffic flows and allows analysis of bandwidth usage by application, source, and destination.
Why this answer
NetFlow is the correct tool because it provides per-flow traffic analysis, allowing the technician to identify which applications (by protocol and port) are consuming the most bandwidth on the WAN link. Unlike simple bandwidth monitors, NetFlow exports detailed records of source/destination IPs, ports, and byte counts, enabling precise identification of bandwidth-hungry applications contributing to increased latency.
Exam trap
CompTIA often tests the distinction between SNMP (which shows aggregate bandwidth) and NetFlow (which shows per-application bandwidth), leading candidates to mistakenly choose SNMP because they associate it with bandwidth monitoring, even though it cannot identify specific applications.
How to eliminate wrong answers
Option B (SNMP) is wrong because SNMP polls interface counters (e.g., ifInOctets) to show aggregate bandwidth utilization, but it cannot identify individual applications or flows. Option C (Syslog) is wrong because Syslog is a logging protocol for system events and errors, not a traffic analysis tool; it provides no visibility into bandwidth consumption by application. Option D (Ping) is wrong because Ping measures round-trip latency and reachability using ICMP echo requests, but it cannot reveal which applications are using bandwidth or contributing to latency.