SNMP Versions
Baseline
QoS (Quality of Service)
6 Steps of Incident Response
100

What does SNMP stand for?

SNMP stands for Simple Network Management Protocol.


100

What is a network baseline?

A network baseline is a set of data that represents the normal performance and behavior of a network under typical operating conditions.


100

What does QoS stand for?

Quality of Service 

100

What is the first step in the incident response process?

The first step in the incident response process is preparation: establishing the right tools and resources and training the team.

200

Which SNMP version introduced encryption?

SNMP version 3 (SNMPv3) introduced encryption as part of its security improvements.


200

Why is establishing a baseline important?

It serves as a reference point to identify deviations or anomalies that could indicate problems, such as performance issues, security breaches, or configuration errors.


200

Name one method used to implement QoS.

Traffic shaping, priority queuing, differentiated services (DiffServ), and Integrated Services (IntServ).


200

What is the purpose of the containment step? 

The purpose of the containment step in the incident response process is to limit the impact of a security incident by preventing its spread and minimizing further damage. 


300

Describe a key difference between SNMP v1 and v3.

SNMPv1 has minimal security while SNMPv3 has security features, including authentication and encryption.


300

How often should a network baseline be reviewed?

It should be reviewed frequently, but the bare minimum would be annually. 

300

Why is QoS important for VoIP applications?

Quality of Service (QoS) is crucial for Voice over IP (VoIP) applications because these services are highly sensitive to network performance issues such as latency, jitter, and packet loss. 


300

Describe the eradication step.

The eradication step in the incident response process focuses on removing the root cause of the incident and eliminating any traces of the attack or compromise. This step ensures that the threat is fully dealt with, preventing the incident from reoccurring.


400

What are the security features of SNMP v3?

Authentication, encryption, and message integrity. 

400

What tools can be used to establish a network baseline?

SolarWinds Network Performance Monitor, Datadog, PRTG Network Monitor, Nagios, Zabbix, ManageEngine OpManager, Cisco Prime Infrastructure, LiveAction, and packet capture tools like Wireshark.

400

Explain the difference between traffic shaping and traffic policing.

Traffic shaping smooths traffic flow by delaying excess packets to conform to a specified rate, while traffic policing enforces traffic rate limits by dropping or marking packets that exceed the defined threshold.



400

Why is the lessons learned step important?

It allows an organization to reflect on the incident and improve its incident response capabilities, security posture, and overall preparedness for future events.