nerdexam
GIAC

GPEN · Question #178

GPEN Question #178: Real Exam Question with Answer & Explanation

The correct answer is A. Change the default community string names. D. Upgrade SNMP Version 1 with the latest version.. When SNMP cannot be disabled, changing default community strings and upgrading to SNMPv3 are the two most effective mitigations against SNMP enumeration because they address authentication weaknesses directly.

Question

You work as a Penetration Tester for the Infosec Inc. Your company takes the projects of security auditing. Recently, your company has assigned you a project to test the security of the we- aresecure. com network. Now, when you have finished your penetration testing, you find that the weare- secure.com server is highly vulnerable to SNMP enumeration. You advise the we-are- secure Inc. to turn off SNMP; however, this is not possible as the company is using various SNMP services on its remote nodes. What other step can you suggest to remove SNMP vulnerability? Each correct answer represents a complete solution. Choose two.

Options

  • AChange the default community string names.
  • BInstall antivirus.
  • CClose port TCP 53.
  • DUpgrade SNMP Version 1 with the latest version.

Explanation

When SNMP cannot be disabled, changing default community strings and upgrading to SNMPv3 are the two most effective mitigations against SNMP enumeration because they address authentication weaknesses directly.

Common mistakes.

  • B. Antivirus software detects and removes malware on endpoints but has no effect on SNMP protocol-level weaknesses or network-based enumeration attacks.
  • C. TCP port 53 is used for DNS zone transfers, not SNMP; SNMP uses UDP port 161 for queries and UDP port 162 for traps, so closing TCP 53 provides no mitigation against SNMP enumeration.

Concept tested. SNMP enumeration mitigation - community strings and SNMPv3 upgrade

Reference. https://www.cisa.gov/uscert/ncas/alerts/TA17-156A

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice