SNMP Versions
Baseline
QoS (Quality of Service)
6 Steps of Incident Response
Bonus Round (All Categories)
100

What does SNMP stand for?

Simple Network Management Protocol.

100

How would you define a network baseline?

A network baseline is a standard measurement of normal network performance, including traffic patterns and usage, used as a reference for detecting anomalies.

100

Expand the acronym QoS.

Quality of Service.

100

What is the initial step in the incident response process?

Preparation

100

What is an SNMP trap?

An unsolicited alert message sent from an SNMP-enabled device (the agent) to the network monitoring system (the manager) when a specific event occurs, such as a link going down; a trap is not acknowledged, unlike an inform.

200

Which version of SNMP was the first to include encryption?

SNMP v3 (v1 and v2c rely only on a plaintext community string and offer no encryption).

200

Why is it important to create a network baseline?

To identify unusual activity, troubleshoot network issues, and maintain optimal network performance.

200

What is one method commonly used to implement QoS?

Classifying traffic and marking it (for example with Differentiated Services (DiffServ) DSCP values in the IP header) so that routers and switches can queue and prioritize it accordingly.

200

What is the main goal of the containment phase during incident response?

To isolate and limit the impact of the incident on the network and systems.

200

Which type of anomaly detection relies on a baseline?

Behavioral anomaly detection.

300

Highlight one major difference between SNMP v1 and SNMP v3

SNMP v1 authenticates with a plaintext community string and has no encryption, so anyone who can sniff the traffic learns the credential; SNMP v3 adds user-based authentication (keyed hashes) and optional encryption of the PDU.

300

How frequently should you review and update a network baseline?

Regularly, especially after significant changes to the network infrastructure or traffic patterns.

300

Why is QoS essential for applications like VoIP?

To ensure low latency, minimal packet loss, and high reliability for real-time communication.

300

Explain what happens during the eradication step of incident response.

The root cause of the incident is identified and removed, such as eliminating malware or fixing vulnerabilities.

300

What is jitter, and how does it affect VoIP calls?

Jitter is the variation in packet arrival times, which can cause distorted or choppy audio in VoIP calls.

400

What security features are included in SNMP v3?

Authentication, encryption (privacy), and message integrity, plus replay protection through timeliness checks; the security level chosen per user (noAuthNoPriv, authNoPriv, authPriv) decides which of these are actually applied, and only authPriv encrypts.
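
Added example (not part of the original quiz) for the two SNMP security questions above: a minimal BER encoder that builds a real SNMPv2c GetRequest for sysDescr.0 and then reads it back the way a packet sniffer would. The point is that in v1/v2c the community string, the only credential, is the second field of every message and sits there in cleartext; SNMPv3 instead wraps the PDU in a USM-protected message and, at authPriv, encrypts it. The community string, OID and request-id below are constructed values.

```python
# Added example (not from the original page): encode an SNMPv2c GetRequest in
# BER and recover the cleartext community string from the bytes on the wire.


def ber_len(n):
    """BER length: short form below 128, long form (0x8N + N bytes) otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, payload):
    """Tag-Length-Value triple."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value):
    """BER INTEGER (tag 0x02), two's complement, minimal length."""
    if value == 0:
        return tlv(0x02, b"\x00")
    n = (value.bit_length() + 8) // 8  # one extra bit for the sign
    return tlv(0x02, value.to_bytes(n, "big", signed=True))


def ber_oid(dotted):
    """BER OBJECT IDENTIFIER: first two arcs packed as 40*a+b, rest base-128."""
    arcs = [int(x) for x in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def snmpv2c_get(community, oid, request_id=0x1234):
    """SNMPv2c message: SEQUENCE { version, community, GetRequest-PDU }."""
    varbind = tlv(0x30, ber_oid(oid) + tlv(0x05, b""))          # OID + NULL
    pdu = tlv(0xA0, ber_int(request_id) + ber_int(0) + ber_int(0)
              + tlv(0x30, varbind))                              # tag 0xA0 = GetRequest
    return tlv(0x30, ber_int(1)                                  # version 1 means v2c
               + tlv(0x04, community.encode()) + pdu)


def read_tlv(buf, i):
    """Return (tag, value, index_after) for the TLV starting at buf[i]."""
    tag, length = buf[i], buf[i + 1]
    i += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(buf[i:i + n], "big")
        i += n
    return tag, buf[i:i + length], i + length


def community_from_wire(packet):
    """What a sniffer sees: version and community are the first two fields."""
    tag, body, _ = read_tlv(packet, 0)
    assert tag == 0x30, "not an SNMP message"
    vtag, ver, i = read_tlv(body, 0)
    ctag, comm, _ = read_tlv(body, i)
    assert vtag == 0x02 and ctag == 0x04
    return int.from_bytes(ver, "big", signed=True), comm.decode()


if __name__ == "__main__":
    pkt = snmpv2c_get("public", "1.3.6.1.2.1.1.1.0")   # constructed request
    print(pkt.hex())
    print("recovered from the wire:", community_from_wire(pkt))
```

Sending this over UDP to port 161 would elicit a GetResponse; the example stops at the encoding so it runs offline. Any capture of v1/v2c traffic gives up the community string this easily, which is why "public"/"private" defaults and read-write communities on management networks are a standard pentest finding and why v3 authPriv is the hardened setting.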

400

Name a tool that can help in establishing a network baseline.

Tools like SolarWinds, Wireshark, or PRTG Network Monitor.

400

What is the key difference between traffic shaping and traffic policing?

Traffic shaping delays excess packets to smooth out traffic flow, while traffic policing drops or re-marks excess packets that exceed a set limit.
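
Added example (not part of the original quiz): one token bucket used both ways, as a policer that drops non-conforming packets and as a shaper that queues them until the bucket has refilled. The rate (1000 bytes/s) and burst depth (1500 bytes) are assumed, deliberately tiny so the arithmetic is easy to follow, and the ten-packet burst is constructed input.

```python
# Added example (not from the original page): the same token bucket applied
# as a policer (drop excess) and as a shaper (delay excess).

RATE = 1000.0   # assumed refill rate, bytes per second
BURST = 1500    # assumed bucket depth: largest burst allowed through at once


def police(packets, rate=RATE, burst=BURST):
    """Token-bucket policer: returns (passed, dropped) lists of (time, size).

    Tokens refill at `rate` up to `burst`. A packet conforms only if the
    bucket holds at least its size at arrival; otherwise it is dropped here
    (a real policer might re-mark it to a lower class instead)."""
    tokens, last = float(burst), 0.0
    passed, dropped = [], []
    for t, size in packets:
        tokens = min(burst, tokens + (t - last) * rate)
        last = t
        if size <= tokens:
            tokens -= size
            passed.append((t, size))
        else:
            dropped.append((t, size))
    return passed, dropped


def shape(packets, rate=RATE, burst=BURST):
    """Token-bucket shaper: returns (departure_time, size) for every packet.

    Nothing is dropped. A packet that finds too few tokens is held until the
    bucket has refilled enough, so a burst leaves as a smooth stream."""
    tokens, last = float(burst), 0.0
    out = []
    for t, size in packets:
        # FIFO queue: a packet cannot leave before the one ahead of it
        t = max(t, out[-1][0] if out else 0.0)
        tokens = min(burst, tokens + (t - last) * rate)
        if size > tokens:
            t += (size - tokens) / rate   # wait for the missing tokens
            tokens = float(size)
        tokens -= size
        last = t
        out.append((t, size))
    return out


# Constructed input: ten 500-byte packets all arriving at t = 0
BURST_OF_TEN = [(0.0, 500)] * 10

if __name__ == "__main__":
    passed, dropped = police(BURST_OF_TEN)
    print("policer: passed", len(passed), "dropped", len(dropped))
    print("shaper departures:", [round(t, 2) for t, _ in shape(BURST_OF_TEN)])
```

The policer lets the first three packets through (1500 bytes of credit) and drops the other seven; the shaper delivers all ten, but the last one leaves 3.5 seconds late. That trade-off is the security-relevant part: policing at an ingress port bounds how much a flooding host can push into the network, while shaping only adds queueing delay and memory pressure on the device doing the buffering.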

400

Why is it critical to include the lessons learned phase in incident response?

To review the incident, improve the response plan, and prevent similar incidents in the future.

400

What document outlines the procedures for incident response?

The Incident Response Plan (IRP).

500

Name a port number commonly used by SNMP.

UDP port 161 on the agent for manager-to-agent requests (get/set), and UDP port 162 on the manager for traps and informs sent by agents.

500

What kind of data is typically collected to establish a network baseline?

Traffic patterns, bandwidth usage, device performance, and network response times.
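
Added example (not part of the original quiz) for this question and for the earlier one on behavioral anomaly detection: build a per-hour-of-day throughput baseline from a constructed three-week sample, then score new observations against it. The training data and the 3-sigma threshold are assumptions chosen for illustration.

```python
# Added example (not from the original page): mean/standard deviation baseline
# per hour of day, then z-score anomaly detection against it.
import statistics
from collections import defaultdict

# Constructed training set: (hour_of_day, Mbps) for 21 days of an office
# network, busy 08:00-18:00 and quiet otherwise, with deterministic noise.
TRAINING = []
for day in range(21):
    for hour in range(24):
        base = 40.0 if 8 <= hour < 18 else 5.0
        TRAINING.append((hour, base + ((day * 7 + hour * 3) % 5) - 2.0))


def build_baseline(samples):
    """Map hour -> (mean Mbps, population std dev) over the training window."""
    by_hour = defaultdict(list)
    for hour, mbps in samples:
        by_hour[hour].append(mbps)
    return {h: (statistics.mean(v), statistics.pstdev(v)) for h, v in by_hour.items()}


def score(baseline, hour, mbps, floor=1.0):
    """z-score of one observation against that hour's baseline.

    `floor` keeps a near-zero standard deviation (a link that is always idle)
    from turning tiny fluctuations into enormous scores."""
    mean, sd = baseline[hour]
    return (mbps - mean) / max(sd, floor)


def detect(baseline, observations, threshold=3.0):
    """Return (hour, mbps, z) for observations beyond the threshold either way.

    Negative excursions matter too: zero traffic at 14:00 is an outage or a
    device that has stopped reporting, not good news."""
    hits = []
    for hour, mbps in observations:
        z = score(baseline, hour, mbps)
        if abs(z) > threshold:
            hits.append((hour, mbps, round(z, 1)))
    return hits


# Constructed observations: night-time spike, normal midday, midday silence
OBSERVED = [(3, 38.0), (12, 41.0), (14, 0.0)]

if __name__ == "__main__":
    baseline = build_baseline(TRAINING)
    for hit in detect(baseline, OBSERVED):
        print("anomaly at hour %02d: %.1f Mbps (z=%s)" % hit)
```

Two caveats a practitioner would add. The training window must be clean: if an intruder was already exfiltrating data during baselining, that traffic becomes "normal" and never triggers. And, as the earlier answer on reviewing baselines says, the baseline has to be rebuilt after a migration or topology change, otherwise every new legitimate flow pages someone.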

500

Which layer of the OSI model is most associated with QoS?

Layer 3 (Network Layer), where the DSCP field in the IP header carries the marking end to end; it is also applied at Layer 2 (802.1p CoS bits in the VLAN tag) and at Layer 7 (application-aware classification).

500

Which step of the incident response process involves restoring normal business operations?

Recovery

500

What is the primary goal of network segmentation?

To limit the spread of threats and control access within a network.