Home > SNMP Questions

SNMP Questions

July 15th, 2017 in ROUTE 300-101 Go to comments

Note: If you are not sure about SNMP, please read our SNMP tutorial.

Question 1

Explanation

“The engineer is not concerned with authentication or encryption” so we don’t need to use SNMP version 3. And we only use “one-way SNMP notifications” so SNMP messages should be sent as traps (no need to acknowledge from the SNMP server) -> A is correct.

Question 2

Explanation

There are three SNMP security levels (for SNMPv1, SNMPv2c, and SNMPv3):

+ noAuthNoPriv: Security level that does not provide authentication or encryption.
+ authNoPriv: Security level that provides authentication but does not provide encryption.
+ authPriv: Security level that provides both authentication and encryption.

For SNMPv3, “noAuthNoPriv” level uses a username match for authentication.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sm_snmp.html

Question 3

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA ; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

Question 4

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA ; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

In the CLI, we use “priv” keyword for “AuthPriv” (“noAuth” keyword for “noAuthnoPriv”; “auth” keyword for “AuthNoPriv”). The following example shows how to configure a remote user to receive traps at the “priv” security level when the SNMPv3 security model is enabled:
Router(config)# snmp-server group group1 v3 priv
Router(config)# snmp-server user PrivateUser group1 remote 1.2.3.4 v3 auth md5 password1 priv access des56

Question 5

Explanation

The “snmp-server manager” command is used to start the SNMP manager process. In other words, it allows the SNMP manager to begin sending and receiving SNMP requests and responses to the SNMNP agents.

SNMP_Components.jpg

Note: SNMP Manager (sometimes called Network Management System – NMS) is a software runs on the device of the network administrator (in most case, a computer) to monitor the network.

Question 6

Explanation

Both SNMPv1 and v2 did not focus much on security and they provide security based on community string only. Community string is really just a clear text password (without encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and interception.

SNMPv3 provides significant enhancements to address the security weaknesses existing in the earlier versions. The concept of community string does not exist in this version. SNMPv3 provides a far more secure communication using entities, users and groups. This is achieved by implementing three new major features:
+ Message integrity: ensuring that a packet has not been modified in transit.
+ Authentication: by using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network.
+ Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.

Note: Although SNMPv3 offers better security but SNMPv2c however is still more common.

Question 7

Question 8

Explanation

The command “show snmp user” displays information about the configured characteristics of SNMP users. The following example specifies the username as abcd with authentication method of MD5 and encryption method of 3DES.

Router#show snmp user abcd
User name: abcd
Engine ID: 00000009020000000C025808
storage-type: nonvolatile active access-list: 10
Rowstatus: active
Authentication Protocol: MD5
Privacy protocol: 3DES
Group name: VacmGroupName
Group name: VacmGroupName

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/snmpv3ae.html

Question 9

Question 10

Explanation

The snmp-server host global configuration command is used to specify the recipient of an SNMP notification operation, in this case 192.168.1.3. In other words, traps of the local router will be sent to 192.168.1.3. Therefore this command is often used to manage the device.

Question 11

Explanation

The SNMP Manger can send GET, GET-NEXT and SET messages to SNMP Agents. The Agents are the monitored device while the Manager is the monitoring device. In the picture below, the Router, Server and Multilayer Switch are monitored devices.

SNMP_Messages_Flow.jpg

Comments
  1. Lost for words
    October 4th, 2016

    Dude, I failed today with a 640. The ‘300-101: Implementing Cisco IP Routing’ exam is completely different then what is on this site. Not even close. There are maybe 10 questions that are the same… What happened???

  2. Digital Eagle
    October 9th, 2016

    Lots of of IPv6?

  3. Anonymous
    October 10th, 2016

    Failed today with 733….questions got changed…Lab Sims were the same but other questions were almost all different….maybe 5-10 Qs were the same…new drag and drop about CHAP authentication…

  4. ExamOnFeb21st2017
    February 17th, 2017

    can anyone please send new dumps for CCNP-ROute exam?
    please please please. I have exam on feb 21st 2017. Please help.. send dumps to

    s m i l e s . p r i y a 0 9 @ g m a i l . c o m

  5. Almond
    April 1st, 2017

    ***HELP PLEASE**Please send me latest dumps. I’ll be taking the exam this week. I promise to give back when I passed. I promise to share it. Just help me for now. For those who just recently took the exam please help us. Thanks
    Send here the dumps and some advices:
    infinity143(@)(Gmail)(dot)(com)

  6. Dhurv
    April 22nd, 2017

    I don’t see your question above Explanation..or I may be missing to find out your question before explnation or answer. Can you guide me to get the question before digging into answers or explanation!!!!

  7. Arthur
    July 14th, 2017

    Please send to my email about dump file ccnp if you have.
    Many thanks!
    Phungtrungtuan( @ )gmail.com

  8. Dass
    August 17th, 2017

    hello

  9. Dass
    August 17th, 2017

    dash123 @ gmail .com

  10. Anonymous
    August 27th, 2017

    For Q11, B should be one of answers.

  11. Quyet Doan
    September 1st, 2017

    For my opinion, Q11 the answers are BCD. The Agents are the monitored device => F is not the answer

  12. davidmeiker
    September 14th, 2017

    I have the same answer as Quyet Doan

    The Agents are the monitored device => F is not the answer!

    Please DIGITALTUT correct this

  13. davidmeiker
    September 14th, 2017

    Tomorror, I’m going to present this Exam.

    with studies, LAB, LAB LAB and a lot of DIGITALTUT, I think I could pas

    Wish me sucess. Pray for me :)

  1. No trackbacks yet.