300-410 Question #34: Real Exam Question with Answer & Explanation

Question

Drag and drop the SNMP attributes in Cisco IOS devices from the onto he correct SNMPv2c or SNMPv3 categories on the right.

Explanation

Correct mapping: SNMPv2c attributes:

• community string
• no encryption
• read-only SNMPv3 attributes:
• username and password
• authentication
• privileged

Detailed Explanation: Both SNMPv1 and v2 did not focus much on security and they provide security based on community string only. Community string is really just a clear-text password (without encryption), only data sent in clear text over a network is vulnerable to packet sniffing and interception. There are two types of community strings in SNMPv2c:

• Read-only (RO): gives read-only access to the MIB objects which is safer and preferred to other method.
• Read-write (RW): gives read and write access to the MIB objects. This method allows SNMP Manager to change the configuration of the managed router/switch so be careful with this type. The community string defined on the SNMP Manager must match one of the community strings on the Agents in order for the Manager to access the Agents. SNMPv3 provides significant enhancements to address the security weaknesses existing in the earlier versions. The concept of community string does not exist in this version. SNMPv3 provides a far more secure communication among entities, users and groups. This is achieved by implementing three new major features:
• Message integrity: ensuring a packet has not been modified in transit
• Authentication: by using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network
• Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.

No community discussion yet for this question.