350-501 Question #24: Real Exam Question with Answer & Explanation

Question

Refer to the exhibit. A network administrator wants to enhance the security for SNMP for this configuration. Which action can the network administrator implement?

Options

• ARe-configure to use SNMPv2 with MD5 authentication
• BAdd a community string to the existing entry
• CRe-configure to use SNMPv3.
• DMaintain the configuration but switch to an encrypted password for device access through SSH

Explanation

To enhance SNMP security beyond basic community strings, re-configuring to use SNMPv3 is the most effective action.

Common mistakes.

• A. While SNMPv2 with MD5 authentication provides message integrity and authentication, it does not offer encryption (privacy) for the SNMP data itself, making it less secure than SNMPv3.
• B. Adding a community string to an existing entry is part of the basic configuration for SNMPv1/v2c and does not enhance security beyond what these versions inherently provide, which is sending community strings in clear text or with minimal security.
• D. Switching to an encrypted password for device access through SSH enhances the security of management access to the device but does not improve the security of SNMP communication itself.

Concept tested. SNMPv3 security features

Reference. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3s/snmp-xe-3s-book/nm-snmp-snmpv3.html

No community discussion yet for this question.