Within the framework of Designing and Implementing Enterprise Network Assurance (300-445 ENNA), network monitoring is categorized into two primary methodologies: active and passive monitoring. Active monitoring (Option C) is characterized by the generation of synthetic, or "probe," traffic specifically designed to measure network performance. These probes simulate real-world user activity, such as HTTP requests, DNS queries, or ICMP pings, to baseline performance metrics like latency, jitter, and packet loss.
The core benefit of the active approach is its independence from actual user traffic. By sending a continuous ping or synthetic HTTP probe, an engineer can verify path availability and performance even during off-peak hours when no real users are on the network. In the context of Cisco ThousandEyes—a central platform in the ENNA certification—this is the primary mode of operation for Cloud, Enterprise, and Endpoint agents. For instance, a ThousandEyes network test proactively sends packets to a target IP or URL to visualize the hop-by-hop underlay and overlay paths.
Conversely, options A, B, and D represent passive monitoring techniques. Passive monitoring involves observing and analyzing traffic that is already traversing the network. Methods such as SNMP (Option A) provide device-level health data like CPU load and interface utilization, while packet captures (Option B) and NetFlow (Option D) analyze the characteristics of existing user flows to determine top talkers or traffic patterns. While passive monitoring is excellent for volume and utilization analysis, it lacks the proactive capability to test a path's performance before a user encounters a failure. Therefore, sending a synthetic probe like a continuous ping is the definitive example of active monitoring.
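The active approach described above can be sketched as a small synthetic prober. This is an added example, not ThousandEyes or Cisco code. It times TCP handshakes on a fixed schedule and reduces the results to loss, latency and jitter. The function names, the loopback target and the jitter formula (mean absolute difference between consecutive round-trip times) are assumptions made for illustration.

```python
import socket
import statistics
import time


def tcp_probe(host, port, timeout=1.0):
    """Send one synthetic probe: time a TCP handshake. RTT in ms, None if lost."""
    start = time.perf_counter()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:  # refused, unreachable, or timed out counts as a lost probe
        return None


def summarize(rtts):
    """Reduce raw probe results to loss, latency and jitter."""
    ok = [r for r in rtts if r is not None]
    loss_pct = 100.0 * (len(rtts) - len(ok)) / len(rtts) if rtts else 0.0
    latency_ms = statistics.fmean(ok) if ok else None
    # Assumption: jitter = mean absolute difference between consecutive RTTs.
    deltas = [abs(b - a) for a, b in zip(ok, ok[1:])]
    jitter_ms = statistics.fmean(deltas) if deltas else 0.0
    return {"sent": len(rtts), "loss_pct": loss_pct,
            "latency_ms": latency_ms, "jitter_ms": jitter_ms}


def run_probes(host, port, count=5, interval=0.05):
    """Probe on a fixed schedule, independent of any real user traffic."""
    results = []
    for _ in range(count):
        results.append(tcp_probe(host, port))
        time.sleep(interval)
    return summarize(results)


if __name__ == "__main__":
    # Constructed target: a loopback listener stands in for the monitored service.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)
    port = srv.getsockname()[1]
    print("service up:  ", run_probes("127.0.0.1", port))
    srv.close()  # simulate an outage while no users are connected
    print("service down:", run_probes("127.0.0.1", port))
```

The second run reports 100% loss even though no user traffic exists to reveal the outage, which is the gap a passive source such as NetFlow or a packet capture cannot cover.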