Network Monitoring

Question 1

the de facto protocol for network management on TCP/IP networks

Answer 1

Simple Network Management Protocol (SNMP)

Question 2

part of an SNMP system that requests and process information from managed devices; uses UDP port 162 or, with TLS, TCP port 10162.

Answer 2

SNMP manager

Question 3

the specialized software run by the SNMP manager

Answer 3

network management station

Question 4

the specialized software run by managed devices in an SNMP system; uses UDP port 161 or, with TLS, TCP port 10161

Answer 4

agent

Question 5

a protocol that can be adapted to accomodate various needs, like SNMP

Answer 5

extensible protocol

Question 6

used by SNMP to categorize the information that can be queried; inform SNMP monitors what can be monitored on a specific device

Answer 6

management information base (MIB)

Question 7

the eight core functions of an SNMP system

Answer 7

protocol data unit (PDU)

Question 8

function sent by an SNMP manager when it wants to query an agent

Answer 8

Get

Question 9

function sent by an SNMP manager to make changes to variables

Answer 9

Set

Question 10

function sent by an agent containing the requested information from a Get request

Answer 10

Response

Question 11

function used by an agent to solicit information from an NMS or send information to the NMS without first being queried

Answer 11

Trap

Question 12

SNMP utility that tells the SNMP manager to perform a series of Get commands

Answer 12

snmpwalk

Question 13

SNMP capability that sends alert notifications to techs, such as through text messages or email

Answer 13

event management

Question 14

program that queries a network interface and stores packets in a capture file on a computer, router, or dedicated piece of hardware; used where there is a suspicion of malicious network access/probing; need to collect as much data as possible, usually set in promiscuous mode or via a mirrored port on a switch

Answer 14

packet sniffer/sniffer

Question 15

Cisco tool found in their routers and switches that tracks traffic flowing between specific source and destination devices

Answer 15

Netflow

Question 16

tool that tracks the bandwidth and utilization of one or more interfaces, such as a physical port or ports, on one or more devices

Answer 16

interface monitor

Question 17

a tool that keeps track of the performance of a certain aspect of a system over time; requires detailed understanding of the low-level aspects of the system, so it’s usually tied to an operating system or application

Answer 17

performance monitor

Question 18

the particular aspect that is tracked by a performance monitor

Answer 18

counter (Perf Mon); facility (syslog)

Question 19

computers in a network that are receiving the most data

Answer 19

top listener

Question 20

network monitoring approach that is a mashup of SEM and SIM; typically only used by large enterprises; can be self-implemented or administered by a vendor

Answer 20

security information and event management (SIEM)

Question 21

process of monitor security event in real-time, often through edge devices, and saving the events to a location to be analyzed; also collects and centralizes disparately located event logs

Answer 21

security event management (SEM)

Question 22

process of SIEM where the saved log files are analyzed, either through automated or human interpreters

Answer 22

security information management (SIM)

Question 23

the process of checking for changes in various aspects of a file

Answer 23

file integrity monitoring

Question 24

vendor who is under contract to administer an SIEM system

Answer 24

managed security service provider (MSSP)