What does SNMP stand for?
SNMP stands for Simple Network Management Protocol.
What is a network baseline?
A collection of metrics that capture a network's performance and configuration during normal working conditions
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
Which SNMP version introduced encryption?
SNMP version 3 (SNMPv3)
Why is establishing a baseline important?
It provides a starting point for measuring progress and identifying areas for improvement by acting as a reference point to compare future data against
Name one method used to implement QoS.
Controlling the rate at which data is transmitted
What is the purpose of the containment step?
To limit the spread and impact of a security incident once it has been detected
Describe a key difference between SNMP v1 and v3.
SNMP v3 offers security features like user authentication and encryption, while SNMP v1 lacks security measures.
How often should a network baseline be reviewed?
At least on a quarterly basis
Why is QoS important for VoIP applications?
QoS prioritizes voice traffic over other data on a network, ensuring smooth and clear voice calls by minimizing issues like packet loss, latency, and jitter (also because there are emergency calls)
Describe the eradication step.
The process of completely removing the malicious threat or root cause of a security breach from a system or network, effectively eliminating any remaining traces of the threat and restoring the system to a known safe state
What are the security features of SNMP v3?
Authentication to verify the source of a message, encryption to protect the content of the message (privacy), and message integrity to ensure a packet hasn't been tampered with during transit
What tools can be used to establish a network baseline?
SNMP (Simple Network Management Protocol), packet capture analyzers like Wireshark, flow analysis tools (NetFlow, sFlow), and dedicated network performance monitoring software
Explain the difference between traffic shaping and traffic policing.
Traffic shaping actively delays packets exceeding a set rate by buffering them in a queue, while traffic policing simply drops packets that exceed the allowed rate, causing a more immediate disruption to traffic flow
Why is the lessons learned step important?
It allows individuals or teams to reflect on past experiences, identify what went well and what could be improved, and then use that knowledge to make better decisions