What does SNMP stand for?
Simple Network Management Protocol
What is a network baseline?
A network baseline is a report of the network's normal state of operation. (May include a range of acceptable measurements)
What does QoS stand for?
Quality of Service
What is the first step in the incident response process?
A blackout is a COMPLETE power loss while a brownout is a momentary power loss.
Which SNMP version introduced encryption?
SNMPv3
Why is establishing a baseline important?
It is important because it serves as a basis of comparison for future performance increases or decreases as the network changes.
Name one method used to implement QoS.
DiffServ (Differentiated Services)
CoS (Class of Service)
What is the purpose of the containment step?
The purpose is to stop the threat from affecting more data/systems or minimize damage.
Define Noise and what causes it.
Noise is a fluctuation in voltage levels caused by other devices on a network or by EMI (electromagnetic interference).
Describe a key difference between SNMP v1 and v3.
SNMPv1 was the original version but is rarely used today, while SNMPv3 has authentication, validation, and encryption for exchanged messages.
How often should a network baseline be reviewed?
It should be reviewed and updated every month.
Why is QoS important for VoIP applications?
VoIP apps are considered delay-sensitive, meaning that voice needs to be delivered quickly to work as intended. QoS adjusts and assigns priority to the VoIP apps.
Describe the eradication step.
Eliminates the root cause of the incident and essentially removes all threats from the network/system.
What is the MAIN difference between Noise and Surges?
Noise is a FLUCTUATION in voltage levels while Surges are strictly INCREASED voltage levels.
What are the security features of SNMP v3?
It adds authentication, validation and encryption for exchanged messages between managed devices and the network management console.
What tools can be used to establish a network baseline?
SIEM (Security Information and Event Management) measures device availability and performance, interface statistics, utilization, error rate, packet drops, and jitter to aid in establishing a network baseline.
Explain the difference between traffic shaping and traffic policing.
Traffic shaping manipulates packets/data streams to manage the type (voice/video) and amount of traffic that is on a network, while traffic policing limits the traffic volume that comes in and out during a set time period.
Why is the lessons learned step important?
It analyzes the vulnerability of the network or system and strengthens the security to prevent future incidents.
What causes Surges?
Surges are caused by lightning strikes, solar flares, and electrical problems.
Name ALL three SNMP versions with a brief description for each.
SNMPv1 - Original version and rarely used today
SNMPv2 - Slightly improved security with increased performance compared to SNMPv1
SNMPv3 - Builds upon SNMPv2 adding authentication, validation, and encryption
Name 2 types of network traffic information that a network performance baseline analyzes.
-Network backbone utilization rate
-Number of users logged on per day/hour
-Number of protocols running on a network
-Error statistics (Runts, Jabbers, Giants)
-Frequency of application use
-Bandwidth usage
-Protocol
-IP address
-User group
-DiffServ in an IP packet
-VLAN tag in a frame
-Service/application
What is an incident response plan?
It defines the characteristics of an event and outlines the steps that should be followed.
Name ALL 4 types of power flaws.
-Surges
-Noise
-Blackout
-Brownout