Home > SNMP Questions

SNMP Questions

July 15th, 2019 in ROUTE 300-101 Go to comments

Note: If you are not sure about SNMP, please read our SNMP tutorial.

Question 1

Explanation

“The engineer is not concerned with authentication or encryption” so we don’t need to use SNMP version 3. And we only use “one-way SNMP notifications” so SNMP messages should be sent as traps (no need to acknowledge from the SNMP server) -> A is correct.

Question 2

Explanation

There are three SNMP security levels (for SNMPv1, SNMPv2c, and SNMPv3):

+ noAuthNoPriv: Security level that does not provide authentication or encryption.
+ authNoPriv: Security level that provides authentication but does not provide encryption.
+ authPriv: Security level that provides both authentication and encryption.

For SNMPv3, “noAuthNoPriv” level uses a username match for authentication.

Reference: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/configuration/guide/cli_rel_4_0_1a/CLIConfigurationGuide/sm_snmp.html

Question 3

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA ; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

Question 4

Explanation

The SNMPv3 Agent supports the following set of security levels:
+ NoAuthnoPriv: Communication without authentication and privacy.
+ AuthNoPriv: Communication with authentication and without privacy. The protocols used for Authentication are MD5 and SHA (Secure Hash Algorithm).
+ AuthPriv: Communication with authentication and privacy. The protocols used for Authentication are MD5 and SHA ; and for Privacy, DES (Data Encryption Standard) and AES (Advanced Encryption Standard) protocols can be used. For Privacy Support, you have to install some third-party privacy packages.

In the CLI, we use “priv” keyword for “AuthPriv” (“noAuth” keyword for “noAuthnoPriv”; “auth” keyword for “AuthNoPriv”). The following example shows how to configure a remote user to receive traps at the “priv” security level when the SNMPv3 security model is enabled:
Router(config)# snmp-server group group1 v3 priv
Router(config)# snmp-server user PrivateUser group1 remote 1.2.3.4 v3 auth md5 password1 priv access des56

Question 5

Explanation

The “snmp-server manager” command is used to start the SNMP manager process. In other words, it allows the SNMP manager to begin sending and receiving SNMP requests and responses to the SNMNP agents.

SNMP_Components.jpg

Note: SNMP Manager (sometimes called Network Management System – NMS) is a software runs on the device of the network administrator (in most case, a computer) to monitor the network.

Question 6

Explanation

Both SNMPv1 and v2 did not focus much on security and they provide security based on community string only. Community string is really just a clear text password (without encryption). Any data sent in clear text over a network is vulnerable to packet sniffing and interception.

SNMPv3 provides significant enhancements to address the security weaknesses existing in the earlier versions. The concept of community string does not exist in this version. SNMPv3 provides a far more secure communication using entities, users and groups. This is achieved by implementing three new major features:
+ Message integrity: ensuring that a packet has not been modified in transit.
+ Authentication: by using password hashing (based on the HMAC-MD5 or HMAC-SHA algorithms) to ensure the message is from a valid source on the network.
+ Privacy (Encryption): by using encryption (56-bit DES encryption, for example) to encrypt the contents of a packet.

Note: Although SNMPv3 offers better security but SNMPv2c however is still more common.

Question 7

Question 8

Explanation

The command “show snmp user” displays information about the configured characteristics of SNMP users. The following example specifies the username as abcd with authentication method of MD5 and encryption method of 3DES.

Router#show snmp user abcd
User name: abcd
Engine ID: 00000009020000000C025808
storage-type: nonvolatile active access-list: 10
Rowstatus: active
Authentication Protocol: MD5
Privacy protocol: 3DES
Group name: VacmGroupName
Group name: VacmGroupName

Reference: http://www.cisco.com/c/en/us/td/docs/ios/12_4t/12_4t2/snmpv3ae.html

Question 9

Question 10

Explanation

The snmp-server host global configuration command is used to specify the recipient of an SNMP notification operation, in this case 192.168.1.3. In other words, traps of the local router will be sent to 192.168.1.3. Therefore this command is often used to manage the device.

Question 11

Explanation

The SNMP Manger can send GET, GET-NEXT and SET messages to SNMP Agents. The Agents are the monitored device while the Manager is the monitoring device. In the picture below, the Router, Server and Multilayer Switch are monitored devices.

SNMP_Messages_Flow.jpg

Comments
  1. ExamOnFeb21st2017
    February 17th, 2017

    can anyone please send new dumps for CCNP-ROute exam?
    please please please. I have exam on feb 21st 2017. Please help.. send dumps to

    s m i l e s . p r i y a 0 9 @ g m a i l . c o m

  2. Almond
    April 1st, 2017

    ***HELP PLEASE**Please send me latest dumps. I’ll be taking the exam this week. I promise to give back when I passed. I promise to share it. Just help me for now. For those who just recently took the exam please help us. Thanks
    Send here the dumps and some advices:
    infinity143(@)(Gmail)(dot)(com)

  3. Dhurv
    April 22nd, 2017

    I don’t see your question above Explanation..or I may be missing to find out your question before explnation or answer. Can you guide me to get the question before digging into answers or explanation!!!!

  4. Arthur
    July 14th, 2017

    Please send to my email about dump file ccnp if you have.
    Many thanks!
    Phungtrungtuan( @ )gmail.com

  5. Dass
    August 17th, 2017

    hello

  6. Dass
    August 17th, 2017

    dash123 @ gmail .com

  7. Anonymous
    August 27th, 2017

    For Q11, B should be one of answers.

  8. Quyet Doan
    September 1st, 2017

    For my opinion, Q11 the answers are BCD. The Agents are the monitored device => F is not the answer

  9. davidmeiker
    September 14th, 2017

    I have the same answer as Quyet Doan

    The Agents are the monitored device => F is not the answer!

    Please DIGITALTUT correct this

  10. davidmeiker
    September 14th, 2017

    Tomorror, I’m going to present this Exam.

    with studies, LAB, LAB LAB and a lot of DIGITALTUT, I think I could pas

    Wish me sucess. Pray for me :)

  11. Steve
    November 9th, 2017

    Passed with the 440q dumps from it libraries.

  12. Martin
    November 9th, 2017

    Confirming the 539q dumps are valid.

  13. Derek
    November 21st, 2017

    Confirming the 539q dumps are valid.

  14. Robert
    November 23rd, 2017

    Does anyone have the full version for the 539q por the Route Exam? Saw the dumps and it only contains 417 questions… Please HELP!!!

  15. Robin
    November 28th, 2017

    Passed today, used the 440q dumps.

  16. snmpGuy
    December 23rd, 2017

    SNMP is very important..in the exam ou ll also see some questions..check this
    https://ipcisco.com/snmp/

  17. Clock
    December 30th, 2017

    Hello folks

    Please someone who took the test recently (No spammers) please confirm the dumps that we can trust or if the questions in this site are correct.
    Not only for me, maybe for all of who will take the test.

  18. salman
    January 13th, 2018

    for question 11. i think the answer will be B,C,D.
    Please correct me .

  19. Rodrick
    January 15th, 2018

    Confirming the 440q dumps are valid. I used the ones from it Libaries.

  20. Marcus
    March 22nd, 2018

    For Q5:
    ” The SNMP manager process sends SNMP requests to agents and receives SNMP responses and notifications from agents. When the SNMP manager process is enabled, the router can query other SNMP agents and process incoming SNMP traps.

    Most network security policies assume that routers will be accepting SNMP requests, sending SNMP responses, and sending SNMP notifications. With the SNMP manager functionality enabled, the router may also be sending SNMP requests, receiving SNMP responses, and receiving SNMP notifications. The security policy implementation may need to be updated prior to enabling this functionality.”

  21. Diego
    September 21st, 2018

    Smashed my route exam today, 9xx used the dumps from it libraries and tut.

  22. anonymous
    October 1st, 2018

    @tut, please send latest questions and its answers. Thank you.

  23. Anonymous
    July 15th, 2019

    what is answer of Question 2?
    Which SNMP security level is available across all versions of the protocol?

  1. No trackbacks yet.