What does SNMP stand for?
Simple Network Management Protocol
What is a network baseline?
A collection of metrics to represent a network's normal/baseline condition
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
Preparation
Which SNMP version introduced encryption?
SNMP Version 3
Why is establishing a baseline important?
It allows for assessment of performance compared to a baseline.
Name one method used to implement QoS.
Priority queuing where network traffic is assigned different priority levels, ensuring critical applications receive preferential treatment.
What is the purpose of the containment step?
The containment step aims to limit the spread of a security breach by isolating the affected system or network segment.
Describe a key difference between SNMP v1 and v3.
Version 3 supports authentication and encryption, while Version 1 has only simple authentication.
How often should a network baseline be reviewed?
At least quarterly
Why is QoS important for VoIP applications?
QoS is crucial for VoIP applications because it prioritizes voice packets over other network traffic.
Describe the eradication step.
The eradication step involves completely removing the malicious code or threat from the compromised system.
What are the security features of SNMP v3?
Authentication to verify the source of a message, encryption to protect sensitive data in transit, and message integrity to ensure a packet hasn't been messed with.
What tools can be used to establish a network baseline?
NMPs (Network Monitoring Platforms) such as NetFlow
Explain the difference between traffic shaping and traffic policing.
Traffic shaping actively buffers and delays packets exceeding a set rate to smooth out traffic flow, while traffic policing simply drops packets exceeding the rate limit without buffering.
Why is the lessons learned step important?
Because it allows organizations to analyze the incident response process after a security breach and identify weak points.