4. What is the difference between an Intrusion Detection System and an Intrusion Prevention System?
8. What type of message does an SNMP manager use to pull information from an agent?
10. What tool processes and filters captured files based upon monitoring needs?
11. What tool tracks the bandwidth and utilization of interfaces on devices?
13. A log of performance indicators that represents a big picture of a network is referred to as?
V. Traffic monitoring
1. - Captures packets
- Analyzes packets and provides a textual analysis
tcpdump is a popular, lightweight command line tool for capturing packets and analyzing network traffic.
3. - Traffic bandwidth
- Storage capacity
It is important to understand the amount of traffic the IDS would be analyzing, to ensure that the IDS is capable of keeping up with the volume of traffic. Storage capacity matters for retaining logs and packet captures.
4. An IDS can alert on detected attack traffic, but an IPS can actively block it. An IDS only detects intrusions or attacks, while an IPS can also change firewall rules to drop or block the detected attack traffic.
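To make the IDS/IPS distinction concrete, here is an added illustration that is not part of the study guide: one detection rule is run by the same sensor in "ids" mode (alert only, every packet still forwarded) and in "ips" mode (alert, drop the packet, and insert a block rule so later packets from that source are dropped too). The packets, the `rule_matches` signature and the `Sensor` class are constructed for this example, not a real product's API.

```python
# Added example (not from the original page): the same detection rule in
# IDS mode (detect and alert) versus IPS mode (detect, alert and block).
# All packets below are constructed sample records, not real captures.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    payload: bytes


def rule_matches(pkt: Packet) -> bool:
    """Hypothetical signature: inbound telnet (port 23) carrying a login prompt."""
    return pkt.dport == 23 and b"login:" in pkt.payload


@dataclass
class Sensor:
    mode: str  # "ids" (alert only) or "ips" (alert and block)
    alerts: list = field(default_factory=list)
    firewall_rules: list = field(default_factory=list)  # blocked source IPs

    def process(self, packets):
        """Return the packets that are forwarded; record alerts and any block rules."""
        forwarded = []
        for pkt in packets:
            if pkt.src in self.firewall_rules:
                # A rule the IPS inserted earlier drops this packet silently.
                continue
            if rule_matches(pkt):
                self.alerts.append(
                    f"{pkt.src} -> {pkt.dst}:{pkt.dport} matched telnet-login"
                )
                if self.mode == "ips":
                    # IPS-only behaviour: change the firewall ruleset and drop.
                    self.firewall_rules.append(pkt.src)
                    continue
            # IDS never drops; IPS forwards everything that did not match.
            forwarded.append(pkt)
        return forwarded


# Constructed sample traffic: two telnet packets from one outside host,
# then an unrelated TLS packet from another host.
SAMPLE = [
    Packet("203.0.113.5", "10.0.0.10", 23, b"login:"),
    Packet("203.0.113.5", "10.0.0.10", 23, b"password:"),
    Packet("198.51.100.7", "10.0.0.20", 443, b"\x16\x03\x01"),
]


def run(mode: str):
    """Run the sample through a sensor; return (forwarded, alerts, block rules)."""
    sensor = Sensor(mode)
    forwarded = sensor.process(SAMPLE)
    return len(forwarded), len(sensor.alerts), list(sensor.firewall_rules)


if __name__ == "__main__":
    print("ids:", run("ids"))  # all 3 packets forwarded, 1 alert, no rules
    print("ips:", run("ips"))  # 1 packet forwarded, 1 alert, source blocked
```

In IDS mode the sensor is a passive observer: the matching packet raises an alert but both telnet packets still reach the server. In IPS mode the first match both drops the packet and adds a block rule, so the follow-up packet from the same source is discarded without even reaching the signature check.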
8. GetRequest
9. Packet Sniffer
12. Logs
13. Baseline
15. Descriptions
I. Application-layer (Layer 7) protocol used to collect information from network devices for
diagnostic and maintenance purposes.
II. Capture and analyze traffic; create logs; alert you to events you define; monitor different
interfaces such as routers, switches, and servers; indicate areas of traffic congestion; help you
construct baselines; determine upgrade and forecast needs; and generate reports for
management.
III. Software tools that you can use to measure network throughput and capacity.
IV. Used to gather data related to the status of a network.
V. Used to gather data related to the traffic generated in a network.
VI. Used to trace the route taken by packets and detect routing delays, if any.
VII. Identification of the inbound and outbound protocols.
• Checking whether the protocols acknowledge each other. This step helps identify whether the protocols communicate unidirectionally or bidirectionally.