3.2 Given a scenario, use network monitoring technologies.

Question 1

What is a SNMP Trap?

Answer 1

• Most SNMP operations expect a poll, devices then respond to the SNMP request, requiring constant polling.
• Communicates over UDP 162
• It allows you to configure a switch or router to look for a certain number of CRC errors to occur.

Question 2

What is an MIB?

Answer 2

• Management Information Base
• This is what SNMP provides to the network administrator.
• Database contains Object Identifiers (OIDs).
  Occurs over UDP 161

Question 3

What is SNMP v2c?

Answer 3

• Data type enhancements, bulk transfers, but still “in the clear” (unencrypted).

Question 4

What is SNMP v3?

Answer 4

• This is the most current version that has message integrity, authentication, and encryption.

Question 5

What role do community string play in SNMP?

Answer 5

• A simple password that allows you access to the SNMP data on that device.
• You can usually set-up multiple on a single device.
• SNMPv3 uses username and password.

Question 6

What role does authentication play in SNMP?

Question 7

What is flow data?

Answer 7

• It gathers traffic statistics from all traffic flows
• It is shared communication between devices.
• Netflow is standard collection method; Probe and collector watches network communication and summary records are sent to the collector.

Question 8

What is the benefit of packet capture?

Question 9

What are the benefits of log aggregation?

Question 10

What is a SIEM?

Answer 10

• Security Information and Event Management (console)
• It is logging of security events and information that may contain a dashboard with real-time information.

Question 11

What is API integration?

Answer 11

• Application Programming Interface
• It allows you to automate the process of logging into devices one by one, utilizing a batch/script process at the command line to make changes to a switch or router.

Question 12

What are the benefits of port monitoring?

Answer 12

• Allows you to view an identical copy of the traffic traversing that port via port mirroring.

Question 13

What is “ad hoc” network discovery?

Answer 13

• When you need to scan as needed or when required.

Question 14

What is “scheduled” network discovery?

Answer 14

• Scans that occur at regular intervals that would report on moves, adds, and changes.

Question 15

How is traffic analysis beneficial?

Answer 15

• Detailed frame by frame description of the traffic that flows across your network.
• View traffic summaries to generate detailed forensics reports.

Question 16

What is performance monitoring?

Answer 16

• Amount of network use over time and can gather the information from SNMP, Netflow, protocol analysis, software agent.

Question 17

What is availability monitoring?

Answer 17

• Is a device up or is it down?
• The most important statistic
• Can set it for alarms or alerts so that notification can be generated should an interface fail to report.

Question 18

What is configuration monitoring?

Answer 18

• You have ten identical web servers, should you have ten identical configs? How do you confirm this?

Question 19

What is an SNMP OID?

Answer 19

• Object Identifier
• It can be referenced by name or number
• Every variable in the MIB has a corresponding OID
• Some of these are common across devices and some manufacturers define their own.

Question 20

What is a protocol analyzer?

Answer 20

It is able to gather frames on the network to solve complex application issues; it can sometimes be built into the device.