What is Network Management?
Overseeing a network to ensure performance, prevent downtime, and predict issues.
What does Network Management involve? (the goal)
Control access & check for faults.
Ensure QoS (quality of service) & maintain records.
Schedule maintenance & monitor traffic.
What does a Network Monitor do? (the big picture tool)
Provides a high-level view of traffic types, flow, and volume across the entire network.
What does a Protocol Analyzer do? (the detailed tool)
Captures frame-by-frame data between a device and the network for deep analysis and troubleshooting.
How is wireless monitoring performed?
Software on a computer connected to the Wi-Fi network captures traffic over the air.
What is port mirroring?
A switch copies all traffic from one or more ports and sends it to a single mirrored port for analysis.
What are the two types of in-line monitoring?
Network TAP: A hardware device placed in-line to passively copy traffic.
Packet Sniffer: Software or hardware that actively captures in-line traffic.
What common issues can monitoring tools identify?
Runts: Frames that are smaller than the minimum allowed size.
Giants: Frames that exceed the maximum allowed size.
Jabber: A device that is constantly sending corrupted data.
Packet loss: Data packets that fail to reach their destination.
Discarded packets: Packets intentionally dropped by a device (e.g., due to congestion).
Interface resets: A network interface being restarted, often indicating instability.
How might monitoring tools send alerts?
Via email or text.
What is a Log?
A recorded set of conditions or events from an operating system or application.
What is an Event Log?
A log on a Windows-based computer.
What is Event Viewer?
The Windows application used to view log information.
What is the function of Syslog?
A standard for generating, storing, and processing messages about system events. Data is written to a system log.
What is a Syslog Generator?
The computer that is monitored and generates the event messages.
What is a Syslog Collector?
The computer that gathers and stores event messages from the generators.
How are logs used for fault management?
Logs keep a history of events.
They must be monitored for errors.
Alerts are generated from these errors.
Many tools exist to correlate and interpret log data.
What are SNMP Logs used for in enterprise systems?
They are part of enterprise-wide network management systems that accomplish fault and performance management using a similar architecture.
What is an NMS (network management system)?
A system that collects data from multiple managed devices through polling.
What is a managed device?
A network node that is monitored by the NMS.
What is a network management agent?
A routine on a managed device that collects information about its operation and provides it to the NMS.
What is a MIB (management information base)?
A "data dictionary" that contains the definitions and data for managed devices.
What is SNMP (simple network management protocol)?
A protocol used to communicate managed device information. It is part of the TCP/IP suite.
What are the key versions of SNMP?
SNMPv3: The most secure version.
SNMPv2: Still widely used.
SNMPv1: The original version; rarely used today.
What is a Baseline and why is it important?
A report of a network's normal operation state. It is critical because without knowing what is normal, it is extremely difficult to troubleshoot problems.
What does a baseline measure?
Network backbone utilization rate
Number of users logged on per hour
Number of protocols running
Error statistics (e.g., runts, jabbers, giants)
Bandwidth usage
Why compare future and past network performance?
To monitor the most critical network and user functions. More data provides more accuracy.
How is baseline data gathered?
Using software applications (including freeware) or expensive, customizable hardware and software.
What are common network performance metrics?
Utilization
Error rate
Packet drops
Response time
What is bandwidth management?
Strategies to optimize the volume of traffic a network can support.
What technologies are used in bandwidth management?
Flow control: Balances traffic volume with a device's capability.
Congestion control: Adjusts how devices respond to performance issues.
QoS (Quality of Service): Prioritizes important traffic during congestion.
What is Flow Control?
A bandwidth management technique configured between two devices to ensure the receiver is not overwhelmed.
What are the two types of Congestion Control?
Open-loop: Prevents congestion before it occurs.
Closed-loop: Remedies congestion after it starts.
What is QoS and what does it manage?
Techniques for adjusting the priority a network assigns to various types of transmissions.
It manages delay-sensitive traffic like VoIP and video by preventing delays, disorder, and distortion, which requires more dedicated bandwidth.
What is the key principle of response and recovery?
Disasters and security breaches are a matter of "when, not if." Training and preparation are critical.
What is an incident?
An event with adverse effects on a network's availability or resources (e.g., security breach, infection, environmental issue).
What is a disaster?
An extreme incident involving an outage that affects more than one system.
What do Incident Response Policies define?
They define what qualifies as a formal incident and the steps to follow when one occurs.
What are the six stages of incident response?
Preparation
Detection and Identification
Containment
Remediation
Recovery
Review
What should an incident response policy identify?
It should identify the members of the response team and assign their responsibilities.
What are 5 common roles on an incident response team?
Dispatcher
Technical support specialist
Manager
Public relations specialist
Lawyer
What is disaster recovery?
The process of restoring critical functionality after a disaster.
What is a Disaster Recovery Plan?
A plan that accounts for worst-case scenarios with the goal of ensuring business continuity and the least amount of interruption.
What is a cold site?
A disaster recovery site where the necessary components exist but are not configured, updated, or connected.
What is a warm site?
A disaster recovery site where necessary components exist and some are configured, updated, and connected.
What is a hot site?
A disaster recovery site where all components exist, match the current network state, and are fully configured, updated, and connected.
What is the goal of power management?
To manage power sources to protect against outages and fluctuations that can damage equipment.
What are the four main types of power flaws?
Surge: Momentary voltage increase (e.g., from lightning).
Noise: Voltage fluctuation from devices or EMI.
Brownout: Momentary voltage decrease (a sag).
Blackout: Complete power loss.
What is a UPS (uninterruptible power supply)?
A battery-operated power source that prevents undesired power fluctuations.
What are the two main types of UPS?
Standby UPS: Switches to battery when it detects a power loss from the wall outlet.
Online UPS: Continuously charges its battery from the wall outlet while providing power to a device through that battery.
What is a generator's role in power management?
A backup power source for extended blackouts, powered by diesel, propane, natural gas, or steam.
How should generators be maintained and used?
They can be combined with a UPS for clean power, and fuel levels and quality must be checked regularly.
What is a data backup?
Multiple copies of data created for archiving and safekeeping.
What is the 3-2-1-1 backup rule?
3: Keep at least three copies of data.
2: Store backups on two different media types.
1: Keep one copy offsite.
1: Keep one copy offline.
What are key considerations when creating a backup system?
Keep backups secure.
Decide on backup type (full, incremental, differential).
Develop a backup schedule.
Establish regular verification.
What is the true goal of creating backups?
The ability to restore the data, not just to back it up.
What is RPO (recovery point objective)?
The maximum acceptable amount of data loss measured in time. It answers "How much data can you lose?"
What is RTO (recovery time objective)?
The maximum acceptable downtime for a service. It answers "How quickly do you need to be back up?"
How do RPO and RTO relate to cost?
A lower (faster) RPO or RTO requires a more expensive solution. There is a balance between business need and cost.
What is data replication?
The live, active copying of data to another location.
What is a storage snapshot?
The storage system "freezes" blocks of data, allowing you to go back in time. New changes are written to other blocks.
What is RAID?
A method to combine multiple hard drives into a single storage pool for redundancy and/or performance.
What are the four most common RAID types?
RAID 0: Striping (performance, no redundancy)
RAID 1: Mirroring (redundancy)
RAID 5: Striping with parity (redundancy, efficient storage)
RAID 10: Mirroring + Striping (high performance & redundancy)
Why is RAID 6 becoming popular?
It handles dual drive failures, which is important with large drive sizes.
When you arrive at work one morning, your inbox is full of messages complaining of a network slowdown. You collect a capture from your network monitor. What documentation can help you determine what has changed?
A baseline
What are the primary data link layer flow control methods?
Stop-and-wait method, go-back-n sliding window method, and selective repeat sliding window method
What’s the difference between an incident and a disaster?
A disaster is an extreme type of incident.
Which QoS technique operates at layer 2 to more efficiently route Ethernet traffic between VLANs?
CoS (Class of Service)
What’s the difference between a PDU and a UPS?
A PDU distributes power, while a UPS stores power and serves as a backup power source.
Why might you want to install two power supplies in a critical server?
If one power supply fails, the other can take over.
What are the two main categories of UPSs?
Online and standby (or offline)
Which congestion control techniques help to prevent network congestion?
Retransmission policy, window policy, acknowledgment policy, discarding policy, and admission policy
What is the primary challenge in properly configuring NetFlow?
A significant challenge with NetFlow is determining the optimal balance between tracking all traffic and tracking enough traffic to sufficiently observe network behavior.
Which backup type, if performed daily, would offer the lowest RTO and why?
While unreasonable in reality, a full backup created every day would offer the lowest RTO because it contains all backed up data together in one place.