What does the acronym SNMP stand for?
Simple Network Management Protocol
What is the definition of a baseline?
A baseline is a report of the network’s normal state of operation and might include a range of acceptable measurements.
What does the acronym QoS stand for?
In the incident response process, what is the first step?
Preparation
Which version of SNMP added encryption?
SNMP Version 3
What is the importance of creating a baseline?
It provides a starting point for measuring and improving an organization's security posture
Give an example of a QoS implementation technique.
Traffic Shaping
What is the importance of the containment step?
To limit the spread of a problem or threat.
What is an important difference between version 1 of SNMP and version 3?
SNMP v1 is the original version and is rarely used today, while SNMP v3 has advanced security mechanisms like authentication and encryption.
How frequently should a network baseline be examined?
A network baseline should be examined regularly, ideally each month.
For VoIP applications, what is the importance of QoS?
Prioritizes voice traffic on a network, ensuring smooth and clear phone calls by minimizing issues like packet loss, latency, and jitter.
Explain what the eradication step is.
The root cause of a security breach is completely removed from a system or network.
What is an important security feature for SNMP version 3?
Adds authentication, validation, and encryption for messages exchanged between managed devices and the network management console.
What resources are available for creating a network baseline?
Network monitoring platforms, packet capture analyzers, flow analysis tools, SNMP, performance testing tools, and dedicated network baseline software.
What is the difference between traffic shaping and traffic policing?
Traffic shaping actively buffers and delays excess packets to smooth out the traffic flow, while traffic policing drops packets that exceed a set rate limit, resulting in a more immediate response.
Explain the importance of the lessons learned step.
It helps organizations review past incidents, find weaknesses in their security, and make changes to avoid future issues.