312-50V10 · Question #931
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately disco
The correct answer is B. SNMP and he should change it to SNMP V3. UDP port 161 is used by SNMP, which transmits community strings and data in cleartext in versions 1 and 2c; SNMPv3 must be used to add authentication and encryption.
Question
Bill is a network administrator. He wants to eliminate unencrypted traffic inside his company's network. He decides to setup a SPAN port and capture all traffic to the datacenter. He immediately discovers unencrypted traffic in port UDP 161. what protocol is this port using and how can he secure that traffic?
Options
- Ait is not necessary to perform any actions, as SNMP is not carrying important information.
- BSNMP and he should change it to SNMP V3
- CRPC and the best practice is to disable RPC completely
- DSNMP and he should change it to SNMP v2, which is encrypted
How the community answered
(31 responses)- A3% (1)
- B84% (26)
- C3% (1)
- D10% (3)
Why each option
UDP port 161 is used by SNMP, which transmits community strings and data in cleartext in versions 1 and 2c; SNMPv3 must be used to add authentication and encryption.
SNMP transmits sensitive data including community strings, device configurations, and interface statistics, making unencrypted SNMP a significant security risk that must be addressed.
UDP port 161 is the IANA-assigned port for SNMP. SNMPv1 and SNMPv2c use plaintext community strings with no traffic encryption, making all management data visible on a packet capture. SNMPv3 introduces the User-based Security Model (USM), which supports SHA/MD5 authentication and AES/DES encryption to eliminate cleartext exposure.
UDP 161 is not assigned to RPC and is exclusively used by SNMP per IANA; disabling RPC would have no effect on SNMP traffic.
SNMPv2c still transmits community strings in cleartext and provides no encryption, so upgrading to v2c does not resolve the unencrypted traffic problem.
Concept tested: SNMPv3 encryption and authentication for management traffic
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-16/snmp-xe-16-book/nm-snmp-cfg-snmp-support.html
Topics
Community Discussion
No community discussion yet for this question.