SNMP

Question 1

A network engineer is configuring SNMP on network devices to utilize one-way SNMP notifications. However, the engineer is not concerned with authentication or encryption. Which command satisfies the requirements of this scenario?

A. router(config)#snmp-server host 172.16.201.28 traps version 2c CISCORO
B. router(config)#snmp-server host 172.16.201.28 informs version 2c CISCORO
C. router(config)#snmp-server host 172.16.201.28 traps version 3 auth CISCORO
D. router(config)#snmp-server host 172.16.201.28 informs version 3 auth CISCORO

Answer: A

Explanation

“The engineer is not concerned with authentication or encryption”, so SNMP version 3 is not needed. And because only “one-way SNMP notifications” are required, the SNMP messages should be sent as traps (the SNMP server does not acknowledge them) -> A is correct.

Question 2

When using SNMPv3 with NoAuthNoPriv, which string is matched for authentication?

A. username
B. password
C. community-string
D. encryption-key

Answer: A

Explanation

There are three SNMP security levels (for SNMPv1, SNMPv2c, and SNMPv3):

+ noAuthNoPriv: Security level that does not provide authentication or encryption.
+ authNoPriv: Security level that provides authentication but does not provide encryption.
+ authPriv: Security level that provides both authentication and encryption.

For SNMPv3, “noAuthNoPriv” level uses a username match for authentication.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sm_snmp.html

Question 3

To configure SNMPv3 implementation, a network engineer is using the AuthNoPriv security level. What effect does this action have on the SNMP messages?

A. They become unauthenticated and unencrypted.
B. They become authenticated and unencrypted.
C. They become authenticated and encrypted.
D. They become unauthenticated and encrypted.

Answer: B

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthNoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

Question 4

Which parameter in an SNMPv3 configuration offers authentication and encryption?

A. auth
B. noauth
C. priv
D. secret

Answer: C

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthNoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

In the CLI, we use the “priv” keyword for “AuthPriv” (the “noAuth” keyword for “NoAuthNoPriv”; the “auth” keyword for “AuthNoPriv”). The following example shows how to configure a remote user to receive traps at the “priv” security level when the SNMPv3 security model is enabled:
Router(config)# snmp-server group group1 v3 priv
Router(config)# snmp-server user PrivateUser group1 remote 1.2.3.4 v3 auth md5 password1 priv access des56
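
A configuration audit that ties Questions 1 and 4 together, as an added example (not from the original page or from Cisco): it reads "snmp-server host" lines and reports the security level and delivery type each one selects. The function names and the NMSUSER line are assumptions made for illustration; the defaults applied when a keyword is omitted (version 1, traps, noauth) are the documented IOS defaults.

```python
import re

# CLI keyword after "version 3" -> SNMPv3 security level it selects.
V3_LEVELS = {"noauth": "noAuthNoPriv", "auth": "authNoPriv", "priv": "authPriv"}

HOST_RE = re.compile(
    r"snmp-server host (?P<host>\S+)"
    r"(?: (?P<kind>traps|informs))?"
    r"(?: version (?P<ver>1|2c|3)(?: (?P<lvl>noauth|auth|priv))?)?"
    r" (?P<name>\S+)"  # community string (v1/v2c) or user name (v3)
)

# First four lines are the answer options of Question 1; the last is constructed
# (NMSUSER is a hypothetical SNMPv3 user name).
SAMPLE_CONFIG = """\
snmp-server host 172.16.201.28 traps version 2c CISCORO
snmp-server host 172.16.201.28 informs version 2c CISCORO
snmp-server host 172.16.201.28 traps version 3 auth CISCORO
snmp-server host 172.16.201.28 informs version 3 auth CISCORO
snmp-server host 172.16.201.28 informs version 3 priv NMSUSER
"""

def audit_host_line(line):
    """Classify one 'snmp-server host' line; return None for any other line."""
    m = HOST_RE.search(line)
    if m is None:
        return None
    version = m["ver"] or "1"      # IOS default when 'version' is omitted
    kind = m["kind"] or "traps"    # traps are the default notification type
    # v1/v2c have only a community string; v3 without a keyword means noauth.
    level = V3_LEVELS[m["lvl"] or "noauth"] if version == "3" else "noAuthNoPriv"
    findings = []
    if version != "3":
        findings.append("community string is sent in clear text")
    elif level == "noAuthNoPriv":
        findings.append("user name is matched but messages are not authenticated")
    if level != "authPriv":
        findings.append("notification contents are not encrypted")
    if kind == "traps":
        findings.append("one-way notification: delivery is never acknowledged")
    return {"host": m["host"], "kind": kind, "version": version,
            "level": level, "findings": findings}

def audit(config_text):
    """Audit every notification target found in a configuration dump."""
    results = (audit_host_line(line) for line in config_text.splitlines())
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for r in audit(SAMPLE_CONFIG):
        print(r["kind"], r["version"], r["level"], r["findings"])
```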

Question 5

What is the function of the snmp-server manager command?

A. To enable the device to send and receive SNMP requests and responses
B. To enable the device to send SNMP traps to the SNMP server
C. To disable SNMP messages from getting to the SNMP engine
D. To configure the SNMP server to store log data

Answer: A

Explanation

The “snmp-server manager” command is used to start the SNMP manager process. In other words, it allows the SNMP manager to begin sending and receiving SNMP requests and responses to the SNMP agents.

Note: An SNMP Manager (sometimes called a Network Management System – NMS) is software that runs on the network administrator's device (in most cases, a computer) to monitor the network.

Question 6

What is the most secure SNMP version?

A. v2c auth
B. v2c
C. v3
D. v1

Answer: C

Explanation

Neither SNMPv1 nor v2 focused much on security; both provide security based on a community string only. A community string is really just a clear-text password (without encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and interception.

SNMPv3 provides significant enhancements to address the security weaknesses existing in the earlier versions. The concept of community string does not exist in this version. SNMPv3 provides a far more secure communication using entities, users and groups. This is achieved by implementing three new major features:
+ Message integrity: ensuring that a packet has not been modified in transit.
+ Authentication: by using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network.
+ Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.

Note: Although SNMPv3 offers better security, SNMPv2c is still more common.
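
How the authentication and message-integrity features above fit together, as an added example (not from the original page): the user password is turned into a key bound to one engine ID (the password-to-key algorithm of RFC 3414), and that key produces a 12-byte HMAC over each message. The function names and the sample message are assumptions; the first engine ID is the RFC 3414 test value and the second is the one shown in the "show snmp user" output under Question 8.

```python
import hashlib
import hmac

def password_to_key(password: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated password, then localize the
    result to one SNMP engine by hashing it around that engine's ID."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(algo, password * reps + password[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def auth_params(key: bytes, message: bytes, algo: str = "sha1") -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: the first 12 bytes of the HMAC."""
    return hmac.new(key, message, algo).digest()[:12]

def verify(key: bytes, message: bytes, received: bytes, algo: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_params(key, message, algo), received)

# Engine ID used by the RFC 3414 test vectors.
ENGINE_RFC = bytes.fromhex("000000000000000000000002")
# Engine ID from the "show snmp user" output on this page.
ENGINE_PAGE = bytes.fromhex("00000009020000000C025808")
# Constructed stand-in for a serialized SNMPv3 message.
MESSAGE = b"constructed stand-in for a serialized SNMPv3 message"

if __name__ == "__main__":
    key = password_to_key(b"maplesyrup", ENGINE_RFC)
    tag = auth_params(key, MESSAGE)
    print("localized key:", key.hex())
    print("genuine message accepted:", verify(key, MESSAGE, tag))
    print("modified message accepted:", verify(key, MESSAGE + b"!", tag))
    other = password_to_key(b"maplesyrup", ENGINE_PAGE)
    print("same password, other engine, same key:", other == key)
```

Because the key is localized per engine ID, the key stored on one device does not authenticate messages for another device, even when the same password is configured on both.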

Question 7

A network engineer is asked to create an SNMP-enabled proactive monitoring solution to ensure that jitter levels remain between particular boundaries. Which IP SLA option should the engineer use?

A. threshold
B. frequency
C. verify-data
D. timeout

Answer: A

Question 8

Which SNMP verification command shows the encryption and authentication protocols that are used in SNMPv3?

A. show snmp group
B. show snmp user
C. show snmp
D. show snmp view

Answer: B

Explanation

The command “show snmp user” displays information about the configured characteristics of SNMP users. The following example specifies the username as abcd with authentication method of MD5 and encryption method of 3DES.

Router#show snmp user abcd
User name: abcd
Engine ID: 00000009020000000C025808
storage-type: nonvolatile active access-list: 10
Rowstatus: active
Authentication Protocol: MD5
Privacy protocol: 3DES
Group name: VacmGroupName
Group name: VacmGroupName

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/snmpv3ae.html

Question 9

What SNMP version provides both encryption and authentication?

A. SNMPv1
B. SNMPv4
C. SNMPv3
D. SNMPv2c

Answer: C

Question 10

What is the purpose of this command:

Router(config)#snmp-server host 192.168.1.3 traps version 2c CISCORO

A. For network system to management server
B. allow 192.168.1.3 only

Answer: A

Explanation

The snmp-server host global configuration command is used to specify the recipient of an SNMP notification operation, in this case 192.168.1.3. In other words, traps of the local router will be sent to 192.168.1.3. Therefore this command is often used to manage the device.

Question 11

Which three statements about SNMP are true? (Choose three)

A. The manager configures and sends traps to the agent.
B. The manager sends GET and SET messages.
C. SNMPv3 supports authentication and encryption.
D. The manager polls the agent using UDP port 161
E. The MIB database can be altered only by the SNMP agent.
F. The agent is the monitoring device.

Answer: B C D

Explanation

The SNMP Manager can send GET, GET-NEXT and SET messages to SNMP Agents. The Agents are the monitored devices while the Manager is the monitoring device. In the picture below, the Router, Server and Multilayer Switch are monitored devices.