CCNA 200-125 Exam: SNMP Questions With Answers

  1. Which version of SNMP first allowed user-based access?
    • A. SNMPv3 with RBAC
    • B. SNMPv3*
    • C. SNMPv1
    • D. SNMPv2

    Explanation/Reference
    The user-based access control implemented by SNMPv3 is based on contexts and user names, rather than on IP addresses and community strings. It is a partial implementation of the view-based access control model (VACM).
  2. What is the first step you perform to configure an SNMPv3 user?
    • A. Configure server traps.
    • B. Configure the server group.*
    • C. Configure the server host.
    • D. Configure the remote engine ID.

    Explanation/Reference
    The first step in configuring an SNMPv3 user is to configure the server group, which enables authentication for members of a specified named access list, using the “snmp-server group” command. For example:

    Router(config)# snmp-server group MyGroup v3 auth access snmp_acl

    In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.

    Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

  3. Which statement about SNMPv2 is true?
    • A. Its privacy algorithms use MD5 encryption by default.
    • B. It requires passwords to be encrypted.
    • C. Its authentication and privacy algorithms are enabled without default values.*
    • D. It requires passwords at least eight characters in length.

    Explanation/Reference
    Default values do not exist for authentication or privacy algorithms when you configure the SNMP commands. Also, no default passwords exist. The minimum length for a password is one character, although we recommend that you use at least eight characters for security. If you forget a password, you cannot recover it and must reconfigure the user. You can specify either a plain text password or a localized Message Digest 5 (MD5) digest.

    Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv2c.pdf

  4. Which command can you enter on a switch to determine the current SNMP security model?
    • A. snmp-server contact
    • B. show snmp pending
    • C. show snmp group*
    • D. show snmp engineID

    Explanation/Reference
    Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model, combined with the security level, determines the security mechanism applied when the SNMP message is processed.

    The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.

    Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_9snmp.html

  5. Which command do we use to see the SNMP version?
    • A. show snmp pending*
    • B. show snmp engineID
    • C. snmp-server manager

    Explanation/Reference
    The “show snmp pending” command displays the current set of pending SNMP requests. It also displays the SNMP version used.

    Router# show snmp pending
    req id: 47, dest: 171.69.58.33.161, V2C community: public, Expires in 5 secs
    req id: 49, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs
    req id: 51, dest: 171.69.58.33.161, V2C community: public, Expires in 6 secs
    req id: 53, dest: 171.69.58.33.161, V2C community: public, Expires in 8 secs

    Note:

    The “show snmp engineID” command displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, 171.69.37.61 as the IP address of the remote engine (copy of SNMP) and 162 as the port from which the remote device is connected to the local device:

    Router# show snmp engineID
    Local SNMP engineID: 00000009020000000C025808
    Remote Engine ID           IP-addr          Port
    123456789ABCDEF000000000   171.69.37.61     162

  6. Which three statements about the features of SNMPv2 and SNMPv3 are true? (Choose three)
    • A. SNMPv3 enhanced SNMPv2 security features*
    • B. SNMPv3 added the Inform protocol message to SNMP
    • C. SNMPv2 added the Inform protocol message to SNMP*
    • D. SNMPv3 added the GetBulk protocol messages to SNMP
    • E. SNMPv2 added the GetBulk protocol message to SNMP*
    • F. SNMPv2 added the GetNext protocol message to SNMP

    Explanation/Reference
    SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.

    (Reference: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-3/snmpv3.html)

    Two additional messages were added in SNMPv2 (compared to SNMPv1):

    GetBulkRequest: The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.

    InformRequest: The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.

    Note: These two messages are carried over SNMPv3.

  7. Which feature can you use to restrict SNMP queries to a specific OID tree?
    • A. server group
    • B. a community
    • C. a view record*
    • D. an access group

    Explanation/Reference
    You can assign views to community strings to limit which MIB objects an SNMP manager can access. The syntax to create a view record is shown below:

    Router(config)# snmp-server view view-name oid-tree {included | excluded}

    Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html
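
Added example (not from the original page or from Cisco): a small Python audit that applies the points from questions 2, 6 and 7 to a device configuration, flagging community-based (v1/v2c) access, SNMPv3 groups without authentication, and entries not tied to an access list or a defined view record. The sample configuration is constructed; MGMT-VIEW, LAB-VIEW, OpsGroup, LabGroup, the community strings and ACL 10 are assumptions.

```python
import re

# Constructed sample config (not from the page); MGMT-VIEW, LAB-VIEW, OpsGroup,
# LabGroup, the community strings and ACL 10 are illustrative assumptions.
SAMPLE_CONFIG = """\
snmp-server view MGMT-VIEW 1.3.6.1.2.1.1 included
snmp-server community public RO
snmp-server community n0c-ro view MGMT-VIEW RO 10
snmp-server group MyGroup v3 auth access snmp_acl
snmp-server group OpsGroup v3 priv read MGMT-VIEW access snmp_acl
snmp-server group LabGroup v3 noauth read LAB-VIEW
"""

VIEW = re.compile(r"^snmp-server view (\S+) (\S+) (included|excluded)$")
COMMUNITY = re.compile(
    r"^snmp-server community (\S+)(?: view (\S+))?(?: (?:ro|rw))?(?: (\S+))?$", re.I)
GROUP = re.compile(r"^snmp-server group (\S+) v3 (auth|noauth|priv)(.*)$", re.I)


def audit(config):
    """Return sorted (line_number, code) findings for SNMP lines to review."""
    lines = [ln.strip() for ln in config.splitlines()]
    views = {m.group(1) for ln in lines if (m := VIEW.match(ln))}
    found = set()
    for n, line in enumerate(lines, 1):
        if m := COMMUNITY.match(line):
            name, view, acl = m.groups()
            found.add((n, "community-model"))  # v1/v2c: no authentication, no encryption
            if name.lower() in ("public", "private"):
                found.add((n, "well-known-community"))
        elif m := GROUP.match(line):
            _, level, rest = m.groups()
            opts = dict(re.findall(r"(read|write|notify|access) (\S+)", rest))
            view, acl = opts.get("read"), opts.get("access")
            if level.lower() == "noauth":
                found.add((n, "v3-noauth"))    # user name only, no authentication
        else:
            continue                           # not a community or v3 group line
        if acl is None:
            found.add((n, "no-acl"))           # no access list named on the line
        if view is None:
            found.add((n, "no-view"))          # no (read) view record named on the line
        elif view not in views:
            found.add((n, "undefined-view"))   # view named but never defined
    return sorted(found)


if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG), sep="\n")
```

Only community and SNMPv3 group lines are checked; a real audit would also cover `snmp-server user` and host entries.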

