Network management/policies

Question 1

Incident Response Plan

Answer 1

Contains set of instructions to help network and system admins detect, respond to, and recover from network security incidents.
-cyber crime, data loss, and service outages that threaten daily work.

Question 2

Business Continuity Plan

Answer 2

Document that outlines how a business will continue operating during an unplanned disruption in service.
-more comprehensive than disaster recovery plan and contains contingencies for business processes, assets, your human capital and business partners, and all other business aspects that might be affected.

Question 3

System Life Cycle Plan

Answer 3

Describes approach to maintaining an asset from creation to disposal.
-5 phase lifecycle:
Planning, Design, Transition, Operations, and Retirement

Question 4

Data Loss Prevention

Answer 4

Used to ensure that end-users do not send sensitive or critical information outside the corporate network.

Question 5

Acceptable Use Policy (AUP)

Answer 5

Admin controls
-set of rules the restricts the ways a network device can be used and set guidelines on how it should be used

Question 6

Non-disclosure agreement (NDA)

Question 7

Memorandum of Understanding (MOU)

Question 8

Service Level Agreement (SLA)

Answer 8

Admin controls
-contract between a service provider and end user that defines the level of service expected from provider. (Specifically defines what the customer will receive like faster response times)

Question 9

NetFlow

Answer 9

Defines a particular traffic flow based on the different packets that share the same characteristics

Question 10

Flow analysis

Answer 10

Relies on flow collector to record metadata and statistics about network traffic rather than recording each frame
-highlights trends and patterns

Question 11

Zeek

Answer 11

Passive monitors a network like a sniffer, but only logs full packet capture data of potential interest

Question 12

MRTG

Answer 12

Multi Router Traffic Grapher
-creates graphs showing traffic flow through the network interfaces of routers and switches by polling the appliances with SNMP

Question 13

Rollback Plan

Answer 13

Purpose is to document at every point during deployment of a change or upgrade where you can stop the deployment and return to a known good state.

Question 14

Disaster Recovery Plan

Answer 14

Documented, structured approach that documents how an organization can quickly resume work after an unplanned incident.
-natural disasters, power outages, cyber attacks, and other disruptive events.

Question 15

Condition/Severity Levels

Answer 15

0 - emergency - system is unstable
1 - alert - condition that should be corrected immediately
2 - critical - failure that needs immediate attention
3 - error - something happening preventing proper function
4 - warning - error may occur if action not taken
5 - notice - events are unusual
6 - information - requires no action
7 - debugging - info for developers as they are debugging

Question 16

Troubleshooting methodology

Answer 16

1. Identify problem
2. Establish theory of probable cause
3. Test theory
4. Establish a plan of action to resolve problem and identify potential effects
5. Implement solution or escalate
6. Verify full system functionality and implement preventative measures(if possible)
7. Document

Question 17

SNMP

Answer 17

-Used to send and receive data from devices to centralized network management station
-Granular
—trap messages get unique object indentifier (OID) for manager to distinguish each message.
—stores OID information in a translation file called MIB (Management Information Base)
—manager only needs to see OID to look up information instead of alert information being contained in the trap.
—prevent redundant info and uses less bandwidth

-Verbose
—all messages sent from one device use the same OID
—alerts as payloads
—simple key:value pair (variable binding)

Question 18

SNMP TRAP

Answer 18

Enables managed device to send out alerts to SNMP manager. These traps messages concern the failure of the monitored device, maintenance issues, etc.
INFORM message sent from manager in reply to trap message

Question 19

SNMP WALK

Answer 19

Chain of multiple getnext commands essentially goes through a MIB tree from OID to OID pulling information

Question 20

SNMP GET

Answer 20

Main method used to request information from a service agent on a specific object identifier.