Which protocol suite is SNMP part of?
SNMP is part of the TCP/IP suite.
Define what a baseline is.
A baseline is a network or resource's normal state of operation when conditions are normal.
Describe how QoS works.
It assigns priority to different types of transmissions.
Identify the 6 steps of incident response.
The 6 steps of incident response are preparation, detection and identification, containment, remediation, recovery, and review.
What is the difference between SNMPv1 and SNMPv2?
SNMPv2 has slightly better security and improved performance than SNMPv1.
Why is it important to know the baseline of a network?
To figure out if there is a problem on the network, information about what is normal has to be known first.
Name at least three methods used to manage a network's QoS.
Three methods used to manage a network's QoS are traffic shaping, DiffServ (Differentiated Services), and CoS (Class of Service).
Describe the detection and identification step of incident response.
Detection and Identification: Staff or system alerts about potential problems are sent to assigned personnel (not all staff are related directly to incident response).
What is the difference between SNMPv2 and SNMPv3?
SNMPv3 is similar to SNMPv2 but incorporates validation, authentication, and encryption.
How are baselines obtained? Examples?
Baselines are obtained by looking at information about network traffic. Examples include the number of users per day or hour, utilization rate, error statistics, and many more.
Describe Traffic Shaping and how it relates to QoS.
Traffic Shaping is a method used to manage a network's QoS. It involves manipulating characteristics of connections, data streams, or packets to manage the type and amount of network traffic.
Describe the review step of incident response and explain why it is important.
Review: Reflecting on the incident and adjusting preparations and prevention strategies accordingly.
This step is important because it allows for improvement of incident response and creates prevention strategies for the future.
Describe SNMPv1, SNMPv2, and SNMPv3.
SNMPv1: Original version, rarely used
SNMPv2: Slightly better security and increased performance than SNMPv1
SNMPv3: Similar to SNMPv2 with validation, authentication, and encryption
What are some common KPIs (key performance indicators)?
Utilization, packet drops, device availability and performance, jitter, error rate, and interface statistics are all examples of common KPIs.
Describe DiffServ and how it relates to QoS.
DiffServ is a method used to manage a network's QoS. It works by managing traffic at layer 3 of the OSI model. It considers all types of traffic instead of just time-sensitive traffic (i.e. voice and video). There is more protection for prioritized, time-sensitive packets with this method.
Identify and explain the 6 steps of incident response.
Preparation: Brainstorming of possible incidents and planning procedures to tackle them
Detection and Identification: Staff or system alerts about potential problems are sent to assigned personnel (not all staff are related directly to incident response).
Containment: Trying to limit damage. Affected areas and/or systems are isolated
Remediation: Finding the cause of the problem and resolution of it
Recovery: Everything goes back to normal
Review: Reflecting on the incident and adjusting preparations and prevention strategies accordingly