- Which version of SNMP first allowed user-based access?
Explanation/Reference: The user-based access control implemented by SNMPv3 is based on contexts and user names, rather than on IP addresses and community strings. It is a partial implementation of the view-based access control model (VACM).
- A. SNMPv3 with RBAC
- B. SNMPv3*
- C. SNMPv1
- D. SNMPv2
- What is the first step you perform to configure an SNMPv3 user?
Explanation/Reference: The first step in configuring an SNMPv3 user is to configure the server group with the “snmp-server group” command, which enables authentication for members of a specified named access list. For example:
- A. Configure server traps.
- B. Configure the server group.*
- C. Configure the server host.
- D. Configure the remote engine ID.
Router(config)# snmp-server group MyGroup v3 auth access snmp_acl
In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.
- Which statement about SNMPv2 is true?
Explanation/Reference: Default values do not exist for authentication or privacy algorithms when you configure the SNMP commands. Also, no default passwords exist. The minimum length for a password is one character, although we recommend that you use at least eight characters for security. If you forget a password, you cannot recover it and must reconfigure the user. You can specify either a plain text password or a localized Message Digest 5 (MD5) digest.
- A. Its privacy algorithms use MD5 encryption by default.
- B. It requires passwords to be encrypted.
- C. Its authentication and privacy algorithms are enabled without default values.*
- D. It requires passwords at least eight characters in length.
- Which command can you enter on a switch to determine the current SNMP security model?
Explanation/Reference: Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level determines the security mechanism applied when the SNMP message is processed.
- A. snmp-server contact
- B. show snmp pending
- C. show snmp group*
- D. show snmp engineID
The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.
- Which command do we use to see the SNMP version?
Explanation/Reference: The “show snmp pending” command displays the current set of pending SNMP requests. It also displays the SNMP version used.
- A. show snmp pending*
- B. show snmp engineID
- C. snmp-server manager
Router# show snmp pending
req id: 47, dest: 188.8.131.52.161, V2C community: public, Expires in 5 secs
req id: 49, dest: 184.108.40.206.161, V2C community: public, Expires in 6 secs
req id: 51, dest: 220.127.116.11.161, V2C community: public, Expires in 6 secs
req id: 53, dest: 18.104.22.168.161, V2C community: public, Expires in 8 secs
The “show snmp engineID” command displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, 22.214.171.124 as the IP address of the remote engine (copy of SNMP) and 162 as the port from which the remote device is connected to the local device:
Router# show snmp engineID
Local SNMP engineID: 00000009020000000C025808
Remote Engine ID          IP-addr        Port
123456789ABCDEF000000000  126.96.36.199  162
- Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three)
Explanation/Reference: SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.
- A. SNMPv3 enhanced SNMPv2 security features*
- B. SNMPv3 added the Inform protocol message to SNMP
- C. SNMPv2 added the Inform protocol message to SNMP*
- D. SNMPv3 added the GetBulk protocol messages to SNMP
- E. SNMPv2 added the GetBulk protocol message to SNMP*
- F. SNMPv2 added the GetNext protocol message to SNMP
Two additional messages were added in SNMPv2 (compared to SNMPv1):
GetBulkRequest: The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.
InformRequest: The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.
Note: These two messages are carried over SNMPv3.
- Which feature can you use to restrict SNMP queries to a specific OID tree?
- A. server group
- B. a community
- C. a view record*
- D. an access group