What is the meaning of SNMP?
Simple Network Management Protocol
What does the term "network baseline" refer to?
Data that represents the normal performance of a network
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
Identification - detecting a potential security incident by monitoring systems for unusual behavior
Which version of SNMP introduced the use of encryption?
SNMPv3
Why is it important to establish a network baseline?
Provides a reference point for normal network behavior
What is one method commonly used to implement QoS?
Buffering
What is the purpose of the containment phase in incident response?
To limit the spread and impact of a security incident
What is a major difference between SNMP v1 and SNMP v3?
SNMP v3 offers security features like authentication and encryption
How frequently should a network baseline be evaluated or updated?
Quarterly or more frequently if significant network changes occur
How does QoS enhance VoIP applications?
Prioritizing voice traffic over other network data
What actions are involved in the eradication phase of incident response?
Removing all traces of the malicious activity from the system
What are the security features of SNMP v3?
Authentication, encryption
What tools can be used to create a network baseline?
Traffic monitoring tools
How do traffic shaping and traffic policing differ from each other?
Shaping actively buffers/delays excess traffic to smooth out the data; policing simply drops packets that exceed the defined rate
Why is the "lessons learned" phase crucial in incident response?
It allows organizations to analyze past incidents and identify areas for improvement