SNMP Versions
What does SNMP stand for?
Simple Network Management Protocol
What is a network baseline?
Record of the normal operating conditions
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
Identification, acknowledging that a security incident has occurred
How does the containment step in incident response differ between a low-level and a high-level security breach?
containment typically involves isolating affected systems and limiting access, while for high-level breaches, containment may require more extensive measures
Which SNMP version introduced encryption?
SNMPv3
Why is establishing a baseline important?
Identifying Anomalies, Troubleshooting, Capacity Planning, Performance Optimization, Security Monitoring
Name one method used to implement QoS.
Traffic shaping
What is the purpose of the containment step?
To limit the scope and impact of a security incident by preventing further spread or escalation.
What is the role of the Management Information Base (MIB)
a database that stores information about network devices and is used by SNMP agents to provide real-time data to the SNMP manager for monitoring and management purposes.
Describe a key difference between SNMP v1 and v3.
Security, authentication, encryption
How often should a network baseline be reviewed?
From semi-annually to monthly based on the type of network
Why is QoS important for VoIP applications?
VoIP relies on real-time communication, and any degradation in network performance can significantly affect call quality
Describe the eradication step.
Completely removing the cause of the security incident, such as malware, vulnerabilities, or unauthorized access.
How does Traffic Shaping differ from Traffic Policing in terms of handling excess traffic in a network?
Traffic shaping buffers and delays excess traffic to conform to the defined rate, while traffic policing immediately drops or marks traffic that exceeds the rate limit, leading to potential packet loss.
What are the security features of SNMP v3?
Authentication, Privacy
What tools can be used to establish a network baseline?
PRTG Network Monitor, Wireshark, Nagios SolarWinds NPM
Explain the difference between traffic shaping and traffic policing.
The major difference is that traffic shaping delays and buffers excess traffic to smooth it out, while traffic policing drops or marks excess traffic that exceeds the specified rate.
Why is the lessons learned step important?
it helps improve future incident response by analyzing the incident to identify what went well and what could be improved.
Why is it important to update a network baseline regularly, and what factors could necessitate frequent updates?
Regular updates to a network baseline are essential to reflect changes in network infrastructure
What are the main components of the SNMP architecture?
Managed Devices, SNMP Agents, SNMP Manager, Management Information Base
How can deviations from a network baseline be used to detect potential security threats
Unusual Traffic Patterns, Unauthorized Device Connections, Abnormal Resource Usage, Strange Communication Behavior, Anomalous Login Attempts
How does congestion management in Quality of Service (QoS) techniques help maintain network performance during periods of high traffic?
Congestion management in QoS techniques prioritizes critical traffic, like VoIP or video, and controls the flow of less important traffic to prevent network overload, ensuring consistent performance even during high traffic periods.
How do the six steps of incident response work together to ensure a comprehensive and effective response to a cybersecurity incident?
The six steps of incident response work together by systematically detecting, containing, and eliminating threats while recovering systems and ensuring future prevention. Each step builds on the previous one to minimize damage, improve response efficiency, and strengthen overall security for future incidents.
How can the lessons learned step in incident response contribute to a continuous improvement cycle for an organization's security posture, and what role does it play in refining the organization's risk management framework?
The lessons learned step helps identify systemic weaknesses in the organization's security policies, incident response procedures, and detection mechanisms. By incorporating insights from past incidents, it allows the organization to refine its risk management framework, enhance preventive measures, optimize response strategies, and update security training, ensuring a continuous improvement cycle that reduces the likelihood and impact of future incidents.