Exam N10-008 topic 1 question 126 discussion

A. Modify the device's MIB on the monitoring system. In this scenario, the network administrator should first modify the device's Management Information Base (MIB) on the monitoring system. A MIB is a database used by SNMP to manage and monitor devices in a network. After replacing the firewall, the SNMP MIB on the monitoring system might not be updated to reflect the changes made on the new device, and this might cause some alarms and metrics related to network availability to stop updating. By modifying the device's MIB on the monitoring system, the administrator can ensure that the monitoring system can communicate properly with the new firewall and receive updated information on network availability. Configuring syslog, using port mirroring, or deploying SMB are all methods of transferring data to the monitoring system but they do not address the root cause of the problem, which is the lack of updated MIB on the monitoring system.

Question focuses on SNMP and that is connected to MIB. That's comptia thinking. You need to know that SNMP = MIB. If sth is unclear you HAVE to go with basics. And most important - answer have to be related to the question. Even tho syslog may (or might not) make more sense, that is not the question.

Answer is B The firewall is replaced, The new one should be configured to send syslog to the monitoring system.

Gonna pick syslog here - for the rationale that a working SNMP before the firewall replacement is not suggestive that modifying the MIB would fix anything. Answering "A" to me is kinda like saying, "Implement SNMP again" when its obviously something at the firewall. So at least syslog could pick up events/security issues while that was being fixed.

Syslog is not supported by SNMP, instead, networks that support SNMP traffic only, Cisco routers can encapsulate their syslog messages into SNMP traps before sending them. This feature is most useful if your network management software doesn't support the syslog protocol. https://www.oreilly.com/library/view/cisco-ios-cookbook/0596527225/ch17s15.html#:~:text=However%2C%20in%20networks%20that%20support,t%20support%20the%20syslog%20protocol. MIB (Management Information Base) A data set that defines the criteria of what that can be retrieved by diagnostic messages known as traps & can be set on a device using SNMP.

Uncle GPT says the first step in addressing the problem of SNMP data not updating after a firewall replacement is to ensure that the monitoring system is correctly configured with the new firewall's MIB information. This will enable it to collect the necessary metrics and alarms.

Ditto....

GPT selects (A) Modify the device's MIB on the monitoring system. It explains: "SNMP (Simple Network Management Protocol) relies on Management Information Base (MIB) files to understand and interpret the data being sent by network devices. When a firewall is replaced, the MIB information for the new firewall might be different from the old one, causing metrics and alarms to stop updating on the monitoring system. By modifying the device's MIB on the monitoring system, you ensure that the monitoring system can properly understand and interpret the SNMP data from the new firewall. This involves updating or adding the appropriate MIB files to the monitoring system's configuration. Options (B) Configure syslog to send events to the monitoring system and (C) Use port mirroring to redirect traffic to the monitoring system are not directly related to resolving SNMP-related issues. Option (D) Deploy SMB to transfer data to the monitoring system involves a different method of transferring data and is not relevant to addressing SNMP-related problems.

A. Modify the device's MIB on the monitoring system.

The correct answer is A. Modify the device's MIB on the monitoring system. The Simple Network Management Protocol (SNMP) is used to monitor network devices and systems. When a firewall is replaced, the new firewall may have different Management Information Base (MIB) variables or objects that the monitoring system needs to access to gather the desired information. Therefore, the first step the network administrator should take is to modify the device's MIB on the monitoring system to ensure that the monitoring system can collect the necessary data. Option B is incorrect because syslog is a different protocol used for collecting log messages, not SNMP metrics. Option C is also incorrect because port mirroring is used to capture and forward network traffic, but it does not affect SNMP metrics. Option D is not relevant since SMB is used for file sharing and does not relate to SNMP monitoring.

And I was expecting an answer for opening firewall to SNMP traffic :) Updating MIB looks like the right answer

After a firewall replacement, the MIB may have changed, causing the monitoring system to stop receiving updates. The first step the network administrator should take is to modify the device's MIB on the monitoring system to match the new firewall's MIB.

The correct answer would be B. Configure syslog to send events to the monitoring system. The first thing the network administrator should do is to check whether the monitoring system is still receiving syslog events from the firewall. If syslog is not configured or properly configured on the firewall, the administrator should configure it to send events to the monitoring system, this way they can have an idea of what's happening in the network and troubleshoot the problem. A. Modifying the device's MIB on the monitoring system would not necessarily solve the issue with the alarms and metrics not updating. C. Using port mirroring to redirect traffic to the monitoring system would not help in this case as it does not address the issue of alarms and metrics not updating. D. Deploying SMB to transfer data to the monitoring system is not related to SNMP or syslog and would not help in this situation either.

A. Modify the device's MIB on the monitoring system. SNMP (Simple Network Management Protocol) is a protocol used for managing and monitoring network devices. It uses a Management Information Base (MIB) to store information about the device's configuration, performance, and status. After a firewall replacement, the MIB may have changed, causing the monitoring system to stop receiving updates. The first step the network administrator should take is to modify the device's MIB on the monitoring system to match the new firewall's MIB. This will ensure that the monitoring system can continue to receive updates and alarms related to network availability. B. Configuring syslog to send events to the monitoring system, C. Using port mirroring to redirect traffic to the monitoring system, D. Deploy SMB to transfer data to the monitoring system. These options will not resolve the issue of SNMP not updating the monitoring system, they are other ways to monitor network devices but not the primary solution for SNMP not updating monitoring system.

You don't configure MIBS. MIBS are scanned on the device and come with it. SYSLOG servers are adjusted. The answer is B.

It said some alarms and metrics, it is look like the syslog level is not the same in the new FW.

I answered this correctly but not with full understanding. Can someone in laymen terms explain?