Network Security FAQ: Logging and Auditing

Q1. List the various destinations to which the logging process can send logging messages.

Answer: The logging process can send logging messages to the following destinations:

  • Logging buffer
  • Terminal lines
  • SYSLOG server
  • Console port

Q2. What is SYSLOG?

Answer: SYSLOG is a widely used protocol for viewing the status and events that a device reports. By installing a SYSLOG server daemon on a PC, you can check the status and event messages sent to that server from all devices that are configured to use it.

Q3. Information at different warning levels is sent to a SYSLOG server. List the different warning levels.

Answer: The following table lists the different warning levels.

Q4. SNMP works on which layer of the OSI model?
a. Network layer
b. Session layer
c. Application layer
d. Datalink layer

Answer: c. SNMP works on the application layer.

Q5. Explain the difference between traps and informs when talking about SNMP notifications.

Answer: The difference between a trap and an inform request is that a trap is unreliable and an inform request is not. If a manager does not receive an inform request, it does not send a response to the agent. The manager sends a response only when an inform request is received. The advantage of using a trap is that it consumes fewer resources on a router.

Q6. When creating an access control for an SNMP community, which optional parameters can be configured to make it more secure?

Answer: The following optional parameters can be configured to make an access control for an SNMP community more secure:

  • An access list of the SNMP managers that are permitted to use the community string to gain access
  • A MIB view, which defines the subset of all MIB objects accessible to the given community
  • Read and write or read-only access
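
The three parameters above combined in one Cisco IOS configuration, shown as an added example that is not part of the original FAQ. The community string, view name, ACL number and manager address (192.0.2.10) are constructed placeholders.

```cisco
! Weak: community with write access, no access list and no MIB view.
! Any host that learns the string can read and change every MIB object.
snmp-server community EXAMPLE-STRING RW

! Hardened: remove the open community, then recreate it with all three
! optional parameters applied (global configuration mode).
no snmp-server community EXAMPLE-STRING

! 1. Access list: only the SNMP manager may use the community string.
!    Denied attempts are logged so they show up in the logging destinations.
access-list 10 permit host 192.0.2.10
access-list 10 deny any log

! 2. MIB view: expose only the system and interfaces subtrees.
snmp-server view MGMT-VIEW system included
snmp-server view MGMT-VIEW interfaces included

! 3. Access mode: read-only (RO) instead of read-write (RW),
!    bound to the view and to access list 10.
snmp-server community EXAMPLE-STRING view MGMT-VIEW RO 10

! Verify from privileged EXEC mode.
show snmp community
show snmp view
show access-lists 10
```

The match counters shown by show access-lists 10 indicate whether hosts other than the permitted manager are trying the community string.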

Q7. What is the show snmp user command used for?

Answer: The show snmp user command is used to display the information about each SNMP username in the SNMP user table.

Q8. What is RMON, and when is it used?

Answer: RMON stands for remote monitoring, and it can be used in conjunction with SNMP to monitor traffic using alarms and events. With RMON, you can identify activity on individual nodes and also monitor all nodes and their interaction on a LAN segment. When used in conjunction with the SNMP agent on a router, RMON allows you to view both traffic that flows through the router and segment traffic not necessarily destined for the router.

Q9. What can be measured using SAA?

Answer: SAA measures the following:

  • Network delay or latency
  • Packet loss
  • Network delay variation (jitter)
  • Availability
  • One-way latency
  • Website download time
  • Network statistics

Q10. What command is used to start SAA operation 3 immediately and to set the duration of that operation for 30 seconds?

Answer: The following command is used to start SAA operation 3 immediately and to set the duration of that operation for 30 seconds:

About the author

Scott
