A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
A.
define the encryption algorithm to be used by SNMPv3
B.
set the password to be used for SNMPv3 authentication
I think the correct answer is C - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3e/snmp-xe-3e-book/nm-snmp-snmpv3-comm-supp.html
It looks like none of the options given make sense: A and B are part of the user creation command, C does not make any sense since views can be assigned to groups, not users and D is wrong because it only makes sense if a SNMP host is being configured.
Don't Overthink the question
A network administrator is configuring SNMPv3 on a new router. The users have already been created, however an additional configuration is needed to facilitate access to the SNMP views. What must the administrator do to accomplish this?
The question is stating the users have been created, but never said any other commands had been used. Thus they ask "an additional config is needed to access SNMP views". At the moment we only have Users, but no views.
Thus only logical answer would be map SNMPv3 users to SNMPv3 views. As that had not been done yet as we only had users.
I'll go with B because I believe the user is using the noAuth command.
The following example shows how to configure a remote user to receive traps at the “noAuthNoPriv” security level when the SNMPv3 security model is enabled:
Device(config)# snmp-server group group1 v3 noauth
Device(config)# snmp-server user remoteuser1 group1 remote 10.12.8.4
Device(config)# snmp-server host 10.12.8.4 informs version 3 noauth remoteuser config
"B"
For requests to be authenticated, the manager and the agent must share knowledge of the authentication password associated with the username. For requests to be encrypted, the manager and the agent must additionally share knowledge of the privacy password associated with the username.
setting the password for SNMPv3 authentication is also a required step in configuring SNMPv3, but it is not directly related to facilitating access to SNMP views,
"B" The secure management of SNMPv3 is an important enabling technology for safe configuration and control operations. SNMPv3 provides security with authentication and privacy, and its administration offers logical contexts, view-based access control, and remote configuration.
It is A
• 2.8 Configure secure network management of
perimeter security and infrastructure devices
(secure device management, SNMPv3, views,
groups, users, authentication, and encryption,
secure logging, and NTP with authentication)
Agree with C, here's what Cisco document says about it:
To configure a Simple Network Management Protocol Version 3 (SNMPv3) server user, specify an SNMP group or a table that maps SNMPv3 users to SNMP views.
It is C, on Cisco site:
"To configure a Simple Network Management Protocol Version 3 (SNMPv3) server user, specify an SNMP group or a table that maps SNMPv3 users to SNMP views."
The question is what is SNMP v3 according to Cisco (table 3):
The SNMP Version 3 feature is used to provide secure access to devices by authenticating and encrypting data packets over the network.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/5700/snmp-xe-3se-5700-book/nm-snmp-snmpv3.pdf
Then we need to provide SNMP Priv mode with both authentication and encryption, that is answer A+B. or only A if we consider the authentication is already provided.
I think you have to configure a view to be able to configure a group. You need a group to be able to configure a user. The PW and encryption is set while creating the user.
So if the user is already created, a group and a view is also created.
This leaves me with D which makes me not happy.
This question is too vague to properly answer. When you create the user, you assign them to the group and this provides access to the view. C would be plausible if you mapped users to views but you don' t map users to views, you assign users to groups which provides access to views. The group and user option would enough in a NoAuth model. the answer wording is questionable C but it could be the answer based on NoAuth.
Since we don't know the model that is being used. It's hard to say. With AuthNoPriv you would need the auth password. With AuthPriv you would need both the auth password and encryption. However in no case would just the encryption be enough by itself to allow access. For A to be correct, we'd have to assume that the user has been assigned to the group and that the auth password is correct.
Correction. C Could not be the answer at all. The question clearly states that the user has been created. The user is assigned to a group when the command is entered to create the user. Views are provided based on the group.
Agree with B
Configuring SNMP Version 3
When you configure SNMPv3 and you want to use the SNMPv3 security mechanism for handling SNMP packets, you must establish SNMP groups and users with passwords.
SNMPv3 is a security model. A security model is an authentication strategy that is set up for a user and the group in which the user resides.
No default values exist for authentication or privacy algorithms when you configure the snmp-server group command. Also, no default passwords exist.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/12-4t/snmp-12-4t-book/nm-snmp-cfg-snmp-support.html
upvoted 2 times
...
...
...
...
This section is not available anymore. Please use the main Exam Page.350-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
kornman
Highly Voted 3 years, 10 months agojaciro11
3 years, 5 months agothetaken
Highly Voted 3 years, 9 months agoDemon_Queen_Velverosa
Most Recent 7 months, 3 weeks agoDemon_Queen_Velverosa
7 months, 3 weeks agobobie
1 year, 11 months agopsuoh
2 years, 3 months agosis_net_sec
2 years, 6 months agonomanlands
2 years, 10 months agosurforlife
2 years, 10 months agohaiderzaid
2 years, 1 month agosurforlife
2 years, 10 months agokillbots
3 years agodenverfly
3 years, 3 months agozheka
3 years, 5 months agocoentror
3 years, 5 months agou777
3 years, 8 months agokerniger
3 years, 8 months agoReece_S
3 years, 9 months agoReece_S
3 years, 9 months agoklu16
3 years, 8 months agoMoII
3 years, 5 months ago