What does SNMP stand for?
Simple Network Management Protocol
What is a network baseline?
A measurement of the normal working conditions of a network for comparison purposes.
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
Preparation
Which SNMP version introduced encryption?
SNMPv3 (SNMP version 3)
Why is establishing a baseline important?
It allows people to see if the network is performing in an abnormal way.
Name one method used to implement QoS.
Traffic Shaping
Traffic Policing
What is the purpose of the containment step?
To stop the incident from spreading and becoming bigger than it already is.
Describe a key difference between SNMP v1 and v3.
SNMP version 3 offers/supports authentication and encryption.
What three terms are used for bandwidth management?
Flow Control
Congestion Control
QoS
List three characteristics for prioritizing traffic.
Protocol
IP address
User group
DiffServ
VLAN tag in Data Link layer frame
Service or application
Describe the Remediation step.
The phase where the root cause of a security incident is completely removed, effectively eliminating the threat from the system and restoring affected systems to a clean state, aiming to prevent reinfection or further damage.
What are the security features of SNMP v3?
Authentication
Encryption
Message Integrity
List 3 or more Common Performance KPIs
Device availability and performance
Interface statistics
Utilization
Error Rate
Packet drops
Jitter
Explain the difference between traffic shaping and traffic policing.
Traffic shaping actively delays packets exceeding a set rate to smooth out traffic flow, while traffic policing simply drops packets that exceed the allowed rate, resulting in immediate packet loss and potential disruption.
Why is the review step important?
It allows you to look at what caused the problem and make preparations to prevent or limit it happening again.