Exam 350-501 topic 1 question 210 discussion

I think D is correct. The question mentions 'encrypted authentication'. I cannot find any encryption option available for group authentication. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/5700/snmp-xe-3se-5700-book/nm-snmp-snmpv3.pdf => on page 5 the snmp-server group and snmp-server user commands are explained

You would need both B and D to make this correct. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/15-e/snmp-15-e-book.pdf Page 8 has this same exhibit, can clearly see it is for noauth. Right below is the example for auth, would would be answers B and D. Page 2 you can clearly see auth is for authentication encryption. Page 3 also shows that there is no mix and matching from server to router configuration. You can't have no auth and received an auth password, or an auth password with noauth without getting an error.

Option D achieves the goal. The group sets the min security level for all users. From the snip, the min level is no auth. No need to change it to auth. What is needed is to define users with a no auth or higher security level. Option D creates a user with a higher security level.

This question is asking if you know how the router will handle a mismatch of the security level between the group and user. The group defines the MINIMUM security level. The user is allowed to be more secure than the group. This makes D the correct answer.

The "snmp-server user testuser group1 remote 192.168.0.254" line from the exhibit will not be accepted without at least "v3" keyword, so this eliminates B. I tested the configuration on a router, and user authentication works if entered as in D.

Agree B and D

no of option should be 2. ans B and D

It's B the question say "Encrypted authentication must be included on router 1 to provide security and protect message confidentiality." but in the config apper " snmp-server groups groups1 v3 noauth"

must be D. Look at the command reference for snmp-server user https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-3/system_management/command/reference/b_sysman_cr43crs/b_sysman_cr43crs_chapter_01111.html#wp1211841131

I think D is correct. If you look at the following group configuration, you will notice that it is giving permissions based on authenticated/nonauthenticated conditions of the users snmp-server group group1 v3 noauth read cc write cc access allowed2 snmp-server group group1 v3 auth read dd write dd access allowed1