What does SNMP stand for?
Simple Network Management Protocol.
How would you define a network baseline?
A network baseline is a standard measurement of normal network performance, including traffic patterns and usage, used as a reference for detecting anomalies.
Expand the acronym QoS.
Quality of Service.
What is the initial step in the incident response process?
Preparation
What is an SNMP trap?
An alert message sent from an SNMP-enabled device to a network monitoring system when a specific event occurs.
Which version of SNMP was the first to include encryption?
SNMP v3
Why is it important to create a network baseline?
To identify unusual activity, troubleshoot network issues, and maintain optimal network performance.
What is one method commonly used to implement QoS?
Prioritizing traffic using techniques like Differentiated Services (DiffServ) or traffic classification.
What is the main goal of the containment phase during incident response?
To isolate and limit the impact of the incident on the network and systems.
Which type of anomaly detection relies on a baseline?
Behavioral anomaly detection.
Highlight one major difference between SNMP v1 and SNMP v3
SNMP v3 includes enhanced security features such as authentication and encryption, while SNMP v1 does not.
How frequently should you review and update a network baseline?
Regularly, especially after significant changes to the network infrastructure or traffic patterns.
Why is QoS essential for applications like VoIP?
To ensure low latency, minimal packet loss, and high reliability for real-time communication.
Explain what happens during the eradication step of incident response.
The root cause of the incident is identified and removed, such as eliminating malware or fixing vulnerabilities.
What is jitter, and how does it affect VoIP calls?
Jitter is the variation in packet arrival times, which can cause distorted or choppy audio in VoIP calls.
What security features are included in SNMP v3?
Authentication, encryption, and message integrity.
Name a tool that can help in establishing a network baseline.
Tools like SolarWinds, Wireshark, or PRTG Network Monitor.
What is the key difference between traffic shaping and traffic policing?
Traffic shaping delays excess packets to smooth out traffic flow, while traffic policing drops or re-marks excess packets that exceed a set limit.
Why is it critical to include the lessons learned phase in incident response?
To review the incident, improve the response plan, and prevent similar incidents in the future.
What document outlines the procedures for incident response?
The Incident Response Plan (IRP).
Name a port number commonly used by SNMP.
Port 161 for general communication and Port 162 for trap messages.
What kind of data is typically collected to establish a network baseline?
Traffic patterns, bandwidth usage, device performance, and network response times.
Which layer of the OSI model is most associated with QoS?
Layer 3 (Network Layer), but it can also be applied at Layer 2 (Data Link) and Layer 7 (Application).
Which step of the incident response process involves restoring normal business operations?
Recovery
What is the primary goal of network segmentation?
To limit the spread of threats and control access within a network.