Term
The de facto network management protocol for TCP/IP networks. (pg. 708)
A. TLS
B. HTTPS
C. UDP
D. SNMP |
|
Definition
D. It's in the name - Simple Network Management Protocol.
SNMP uses UDP ports 161 and 162 for nonsecure communication, and TLS ports 10161 and 10162 when security is added. |
|
|
Term
When an SNMP manager/network management system wants to query an agent, it sends a ___ request. An agent then sends a ___ with the requested information. (pg. 710)
A. Get/Response
B. ping
C. SYN/ACK
D. Set/Trap
|
|
Definition
A. Get/Response
If an SNMP manager wants an agent to make changes to the information it queries, it uses the Set request.
An agent uses the Trap request to get information from the SNMP manager.
A ping is used by one system to check the "up/down" status of an IP-addressed host.
The SYN and ACK commands are two of the segments in the TCP three-way handshake between a client and server. |
|
|
Term
A tool that queries a network interface and collects packets in a file. (pg. 713)
A. traffic inspector
B. interface monitor
C. protocol analyzer
D. packet sniffer |
|
Definition
D. Packet sniffers typically sit on a single computer, or perhaps on a router or dedicated piece of hardware.
Protocol analyzers process capture files from packet sniffers and give you an output of that information.
An interface monitor tracks the bandwidth and utilization of one or more interfaces on one or more devices. |
|
|
Term
A log of performance indicators used to establish what is considered normal performance of the network and servers when they are working correctly. (pg. 721)
A. protocol analyzer
B. sensor
C. baseline
D. packet sniffer |
|
Definition
C. CPU usage and network utilization are typical values in a baseline log. A major change in these values can point to problems on a server or network as a whole.
Packet sniffers, protocol analyzers and sensors are all tools useful for collecting key performance indicators that can be used to establish the baseline. |
|
|
Term
The default destination port for syslog, the default performance monitoring tool built into macOS and Linux. (pg. 725)
A. UDP port 53
B. UDP port 514
C. TCP port 601
D. TCP port 514 |
|
Definition
B. syslog uses UDP port 514.
DNS uses UDP port 53.
The other two aren't very relevant. |
|
|
Term
An SNMP manager uses which port when used with TLS? (pg. 712)
A. 161
B. 162
C. 10161
D. 10162 |
|
Definition
D. An SNMP manager uses port 10162 with Transport Layer Security. When an agent responds, it uses 10161.
Without TLS, the manager would use UDP 161 and the agent would use UDP 162. |
|
|
Term
Which tool would you use to capture and analyze the traffic between two workstations to see if there is anything illicit going on? (pg. 716)
A. interface monitor
B. packet flow monitor
C. packet sniffer
D. performance monitor |
|
Definition
B. Packet flow monitoring software tracks traffic flowing between specific source and destination devices.
An interface monitor is like a traffic monitor for the network instead of being between two devices.
A packet sniffer captures packet data from a single device.
Performance monitors track the performance of some aspect of a system over time. |
|
|