Cisco CCNA mock exam questions sample test – Question 179

.You recently implemented SNMPv3 to increase the security of your network management system. A partial output of the show run command displays the following output that relates
to SNMP:

snmp-server group TECHS v3 noauth read TECHS write TECHS
Which of the following statements is true of this configuration?

A. It provides encryption, but it does not provide authentication
B. It provides neither authentication nor encryption
C. It provides authentication, but it does not provide encryption
D. It provides both authentication and encryption


Correct Answer: B

Explanation:
It provides neither authentication nor encryption. In SMNPv3, there are three combinations of security that can be used:
noAuthNoPriv- no authentication and no encryption; includes the noauth keyword in the configuration
AuthNoPriv – messages are authenticated but not encrypted; includes the auth keyword in the configuration
AuthPriv – messages are authenticated and encrypted; includes the priv keyword in the configuration
In this case, the keyword noauth in the configuration indicates that no authentication and no encryption are provided. This makes the implementation no more secure than SNMPv1 or
SNMPv2.
In SNMPv1 and SNMPv2, authentication is performed using a community string. When you implement SNMP using the noauth keyword, it does not use community strings for
authentication. Instead it uses the configured user or group name (in this case TECHS). Regardless, it does not provide either authentication or encryption.
Objective:
Infrastructure Management
Sub-Objective:
Configure and verify device-monitoring protocols
References:
SNMP Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches) > SNMPv3