SNMP Versions
Baseline
QoS
6 Steps of Incident Response
100

What does SNMP stand for?

Simple Network Management Protocol.

100

What is a network baseline?

A network baseline is a snapshot of normal network performance and behavior, used as a reference for troubleshooting and optimization.

100

What does QoS stand for?

Quality of Service.

100

What is the first step in the incident response process?

Preparation

200

Which SNMP version introduced encryption?

SNMP v3.

200

Why is establishing a baseline important?

It helps detect anomalies, performance issues, and security threats by providing a reference point for comparison.

200

Name one method used to implement QoS.

Traffic prioritization

200

What is the purpose of the containment step?

The containment step aims to limit the scope and spread of the incident to prevent further damage.

300

Describe a key difference between SNMP v1 and v3.

SNMP v1 lacks security features, while SNMP v3 includes encryption, authentication, and access control.

300

How often should a network baseline be reviewed?

It should be reviewed regularly, typically every 6 months to a year, or after major network changes.

300

Why is QoS important for VoIP applications?

QoS ensures low latency, minimal packet loss, and adequate bandwidth for clear and uninterrupted voice communication.

300

Describe the eradication step.

Eradication involves completely removing the cause of the incident.

400

What are the security features of SNMP v3?

Authentication, encryption, and access control.  

400

What tools can be used to establish a network baseline?

Tools like Wireshark, SolarWinds, PRTG Network Monitor, or NetFlow analyzers can be used to monitor and establish baselines.

400

Explain the difference between traffic shaping and traffic policing.

Traffic shaping buffers excess traffic and smooths out bursts, while traffic policing drops or marks packets that exceed a certain rate.

400

Why is the lessons learned step important?

It allows the team to review the incident, identify weaknesses in the response, and improve future preparedness and processes.
