Network Monitoring

Question 1

There are tools that show interface statistics or Status on the following:

Answer 1

Link State
Speed and Duplex factors
Send and Receive Traffic
Cyclic Redundancy Check (CRC) errors
Giants and Runts
Encapsulation errors
Byte Count

Question 2

A great monitoring tools are:

Answer 2

Zabbix
Grafana
Solar Winds
LibreNMS

Question 3

Giants and Runts refer to the actual_______ _____ in a frame

Answer 3

packet size

Question 4

Networks must be monitored in a number of ways, including:

Answer 4

performance, traffic, and environmental

Question 5

this tool allows you to manage and monitor network devices from a single comuter:

Answer 5

Simple Network Management Protocol ( SNMP )

Question 6

_________ are installed on a device to communicate with SNMP

Answer 6

Agents

Question 7

A machine that communicates with a managed device is called a:

Answer 7

SNMP Manager and use the following ports for listening,
Unencrypted - UDP 162
Encrypted - TLS 10162

Question 7

Network managed devices or agents run on these ports:

Answer 7

non-encrypted use - UDP listen on port 161
Encrypted use - TLS listen on port 10161

Question 8

this helps with the communication between the Agent and SNMP manager that’s built into the Agent, like a database:

Answer 8

Management Information Base (MIB)

Question 9

This is a standard query within SNMP that consists of an NMS

Answer 9

Get

Question 10

this is setup on the managed devices itself

Answer 10

Trap

Question 11

considered a batch of Gets

Answer 11

Walk

Question 12

this tool is setup on Linux and is also considered a batch of Gets:

Answer 12

SnMPWalk

Question 13

There are 3 versions of SNMP

Answer 13

SNMP version 1 does not support encryption at all
SNMP version 2 slightly expanded the command set and has encrypt
SNMP version 3 more robust TLS ecryption

Question 14

An ______ _________ is an organization of managed devices

Answer 14

SNMP community

Question 15

The following are open source NMS for graphing SNMP data:

Answer 15

Cacti
Nagios
Zabbix
Spiceworks

Question 16

Where is a place to setup and view logs:

Answer 16

Windows - Event Viewer and
Unix systems utilizes SYSlog - standard format / works well with SNMP uses hierarchy of errors, like displays the worst to least problematic
History Logs
Change Logs

Question 17

_____ _______ are a big deal, packets that are coming in and out of network that are clustered or messed up. Abnormal warnings of these might signify security breaches or broken equipment

Answer 17

Error rates

Question 18

__________ is basically the monitoring of how your CPU is working, is it being overworked, where and why?

Answer 18

Utilization

Question 19

this metric in Network monitoring lets you know when a host, server, or switch is having issues sending and receiving data.

Answer 19

Packet Drops

Question 20

This metric is telling us how much data we are actually moving through our throughputs.

Answer 20

Bandwidth

Question 21

A specialized metric that lets you know that all of a file was received in the proper sequence.

Answer 21

File Integrity

Question 22

_______________ helps identify irregular activity that needs to be investigated.

Answer 22

Baselines

Question 23

This actually brings all of the monitoring services into one:

Answer 23

Security information and event management (SIEM)

Question 24

When it comes to SIEM we are talking about 2 things:

Answer 24

Aggregation - grabbing and storing data ( time synchronization is key)
Normalization - Like when data is kept the same way regarding personal information is documented chronologically logs are also critical / WORM or write once, read many drives.

Correlation - must have alerts, for notifications when something goes bad. Triggering when thresholds are breached

Question 25

Other helpful tools like SIEM that access and correlate across logs to review an event are:

Answer 25

Splunk
Arcsight
ELK ( Elasticsearch, Logstash, Kibana)

Question 26

Network troubleshooting theory involves the following:

Answer 26

To find the problem, gather information, identify the symptoms of the problem, question the users, and see if there have been changes

Establish the theory of probable cause, use the OSI model to help identify location and problem, and consider future prevention methods.

Test the theory, isolate variables, establish a plan of action, plan out steps, implement, verify, and test.