SNMP Versions
Baseline
QoS
6 Steps of Incident Response
Final Jeopardy
100

The main purpose of SNMP in network management

What is monitoring and managing devices on a network by collecting and organizing information?

100

Definition of network baseline in the context of performance monitoring

What is a record of the normal operating performance of a network, used as a reference to identify unusual behavior?

100

What does QoS aim to achieve in network traffic management?

It prioritizes critical network traffic to ensure consistent performance for key applications.

100

What is the main goal of the preparation step in incident response?

To establish tools, policies, and training to ensure readiness for cybersecurity incidents.

200

The SNMP version that first introduced message integrity and authentication

What is SNMPv3?

200

How does a baseline assist in detecting network anomalies?


It helps identify deviations from typical performance patterns, signaling potential issues such as cyberattacks or hardware failures.

200

List one protocol or method commonly used to implement QoS in a network.

Differentiated Services Code Point (DSCP) or Multiprotocol Label Switching (MPLS).

200

During containment, why is it important to isolate affected systems?

To prevent the spread of the incident to other systems or networks.

300

One key enhancement in SNMPv2 compared to SNMPv1

What are bulk data transfers, which improve efficiency by allowing multiple data items to be retrieved or set in a single request?

300

What factors might influence how often a network baseline should be updated?

Factors include network size, the addition of new devices, changes in traffic patterns, and emerging threats.

300

How does QoS impact video conferencing or streaming services?

QoS minimizes latency, jitter, and packet loss, ensuring smooth and uninterrupted video and audio quality.

300

How does the eradication step differ from containment?

Eradication involves removing the root cause of the incident, while containment focuses on stopping its spread.

400

The main advantage of using SNMPv3 over previous versions

What is enhanced security, including encryption, message integrity, and authentication?

400

Name two tools commonly used for creating and analyzing network baselines.

Wireshark and SolarWinds Network Performance Monitor.

400

Compare the goals of bandwidth reservation (e.g., MPLS) and traffic policing.

Bandwidth reservation ensures dedicated resources for critical traffic, while traffic policing enforces limits to prevent overuse or abuse of network resources.

400

What outcomes should be documented in the lessons learned phase?

Key takeaways, identified vulnerabilities, effectiveness of the response, and steps to prevent future incidents.

400

Explain how a strong incident response plan can reduce downtime and financial losses during a cybersecurity event. Provide at least two specific examples.

1. Rapid containment limits the spread of malware, reducing recovery time.

2. Clear communication plans minimize operational disruptions, ensuring quicker resumption of business functions.