What do the letters in SNMP stand for?
Simple Network Management Protocol
What is a network baseline?
A snapshot, a collection of metrics about a network at a time of normal use.
What does QoS stand for?
Quality of service
What is the first step in the incident response process?
preparation
Which version of SNMP introduced encryption?
SNMP Version 3
Why is establishing a baseline important?
it provides a clear reference point to measure progress, identify potential issues early on, and track performance against a set standard
Name one method used to implement QoS.
Traffic shaping
packet prioritization
bandwidth reservation
queue management
What is the purpose of the containment step?
to limit the spread and impact of a security threat or incident once it has been identified, preventing further damage by isolating the affected systems and restricting the threat's ability to reach other parts of the network or system
What is a fundamental difference between version 1 and version 3 of SNMP?
SNMP 1 lacks the security features that SNMP 3 carries, such as user authentication and encryption.
How often should a network baseline be reviewed?
A network baseline should be reviewed at least monthly, but the frequency can vary depending on the stability of your network.
Why is QoS important for VoIP applications?
it prioritizes voice traffic over other network data, ensuring smooth and clear voice calls by minimizing issues like packet loss, latency, and jitter, which can significantly impact call quality, especially during high network congestion periods
Describe the eradication step.
the phase in a security incident response process where the root cause of a cyber threat is completely removed from a system or network, effectively eliminating any malicious elements like malware, unauthorized access, or compromised data, essentially restoring the system to a clean and secure state
What are the security features of SNMP v3?
Authentication
Encryption
Message integrity
View-based Access Control Model (VACM)
User-based security model
What tools can be used to establish a network baseline?
NetFlow, sFlow, packet capture tools (like Wireshark), and dedicated network performance analyzers
Explain the difference between traffic shaping and traffic policing.
traffic shaping actively delays packets exceeding a set rate by buffering them in a queue, while traffic policing simply drops packets that violate the rate limit, causing immediate disruption to traffic flow
Why is the lessons learned step important?
it allows teams to reflect on past experiences, identify what worked well, what didn't, and document those insights to improve future projects by avoiding past mistakes and leveraging successful strategies (allows the team to debrief).