312-50V11 · Question #632
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hos
The correct answer is B. It uses community string that is transmitted in clear text. D. It is used by all network devices on the market.. SNMPv1 and v2c transmit community strings in clear text over UDP, and their near-universal deployment across network devices makes them a broad attack target.
Question
SNMP is a protocol used to query hosts, servers, and devices about performance or health status data. This protocol has long been used by hackers to gather great amount of information about remote hosts. Which of the following features makes this possible? (Choose two)
Options
- AIt used TCP as the underlying protocol.
- BIt uses community string that is transmitted in clear text.
- CIt is susceptible to sniffing.
- DIt is used by all network devices on the market.
How the community answered
(50 responses)- A8% (4)
- B88% (44)
- C4% (2)
Why each option
SNMPv1 and v2c transmit community strings in clear text over UDP, and their near-universal deployment across network devices makes them a broad attack target.
SNMP primarily uses UDP on ports 161 (queries) and 162 (traps), not TCP, which actually makes it harder to filter and easier to spoof.
SNMPv1 and v2c authenticate requests using community strings (e.g., 'public', 'private') that are sent in plaintext within the UDP packet, allowing any attacker with network access to capture and reuse them via a packet sniffer.
Susceptibility to sniffing is a direct consequence of clear-text community strings (option B) rather than an independent feature of the protocol that enables information gathering.
Because SNMP is implemented on virtually all network devices including routers, switches, printers, and servers, a single compromised community string can be used to query a large portion of an enterprise network for performance metrics, interface details, and topology data.
Concept tested: SNMP community string exposure and attack surface
Source: https://www.cisco.com/c/en/us/support/docs/ip/simple-network-management-protocol-snmp/7282-12.html
Topics
Community Discussion
No community discussion yet for this question.