Consider working in a NOC/SOC and the kind of data that would be useful to you in the following scenarios. i. You are wo


Post by answerhappygod »

Consider working in a NOC/SOC and the kind of data that would be useful to you in the following scenarios.

i. You are working in a NOC where you have been assigned responsibilities for monitoring the Internet link for an organisation and taking corrective actions to address outages or a degraded service. The organisation maintains a significant online retail web site, so they have two links: a high speed primary link and a lower speed backup link. Give two examples of telemetry information you would choose to keep on a dashboard to monitor for problems with these services and explain how you would use this information. Note: A degraded service is one which is performing noticeably below expectations, e.g., a web site which usually services on average 1000 requests per second is only achieving 10 per second.

ii. You are working in a SOC where your organisation has recently had several accounts compromised. The organisation believes that there are two likely sources of the compromises: phishing attacks or spray attacks. Give two examples of telemetry information you would choose to keep on a dashboard to monitor for potential attacks in these areas and explain how you would use this information. Note: a spray attack is very similar to a brute-force password attempt, however where a traditional brute-force will try different passwords for a single user, the spray attack will try a single password against every user, before attempting a different password.

Telemetry information can include any data obtained via SNMP, IPFIX, or Syslog. If you are referring to SNMP data you do not need to provide the specific MIB reference/field, however all source data must be reasonable/realistic, e.g., there is no SNMP value emailPhishingAttack or similar.
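Added example, not part of the original post: the spray versus brute-force distinction in scenario ii shows up in Syslog authentication failures as many distinct usernames per source (spray) versus many failures against one username (brute-force). The sketch below assumes sshd-style "Failed password" lines, treats the input as one dashboard time window, and uses constructed log lines and hypothetical thresholds.

```python
import re
from collections import defaultdict

# Constructed sample sshd syslog lines (illustrative, not real telemetry).
SAMPLE_LOG = """\
Mar  3 10:00:01 gw sshd[101]: Failed password for alice from 203.0.113.7 port 40001 ssh2
Mar  3 10:00:02 gw sshd[102]: Failed password for bob from 203.0.113.7 port 40002 ssh2
Mar  3 10:00:03 gw sshd[103]: Failed password for carol from 203.0.113.7 port 40003 ssh2
Mar  3 10:00:04 gw sshd[104]: Failed password for dave from 203.0.113.7 port 40004 ssh2
Mar  3 10:00:05 gw sshd[105]: Failed password for invalid user erin from 203.0.113.7 port 40005 ssh2
Mar  3 10:01:01 gw sshd[201]: Failed password for root from 198.51.100.9 port 50001 ssh2
Mar  3 10:01:02 gw sshd[202]: Failed password for root from 198.51.100.9 port 50002 ssh2
Mar  3 10:01:03 gw sshd[203]: Failed password for root from 198.51.100.9 port 50003 ssh2
Mar  3 10:01:04 gw sshd[204]: Failed password for root from 198.51.100.9 port 50004 ssh2
Mar  3 10:01:05 gw sshd[205]: Failed password for root from 198.51.100.9 port 50005 ssh2
Mar  3 10:02:00 gw sshd[301]: Failed password for frank from 192.0.2.4 port 60001 ssh2
"""

# Captures the target username and the source address of a failed login.
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def classify_sources(log_text, min_users=4, min_attempts=4):
    """Label each source IP by the shape of its failed logins in this window.

    min_users and min_attempts are hypothetical thresholds to tune per site.
    """
    per_src = defaultdict(lambda: defaultdict(int))  # ip -> user -> failures
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            per_src[src][user] += 1

    verdicts = {}
    for src, users in per_src.items():
        if len(users) >= min_users:
            # Breadth across accounts: one guess tried against many users.
            verdicts[src] = "spray"
        elif max(users.values()) >= min_attempts:
            # Depth on one account: many guesses against a single user.
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "noise"
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(SAMPLE_LOG).items()):
        print(src, verdict)
```

A per-user lockout counter alone would miss the first source here, since no single account sees more than one failure.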