Which two authentication mechanisms are supported by SNMPv3? (Choose two)
A. SHA
B. username without password
C. username and password
D. DES
E. a community string
F. 265-bit AES
Correct Answer A,C
Because AES – 256 bit, not 265 bit.
Completely agree with NotGonnaStateMyNameLol below.
The question itself seems to be incorrectly proposed, as it presents 3 correct answers (A, C and E) but asks for only 2 questions.
In any case, if I have to pick 2 out of those 3, I would go with the 2 ‘more secure’ ones: A + C.
I got stuck at this question too.
Study guide fifth edition has an unclear wording about this one.
Let’s just go over it:
SNMPv3 provides encryption and authentication.
a) SHA is used for authentication (HMAC-SHA), but it also supports MD5.
Proof of a): SNMPv3 specifies the use of message digest algorithm 5 (MD5) and secure hash algorithm (SHA) to create a message digest for each SNMPv3 protocol message. Doing so enables authentication of endpoints and prevents data modification and masquerade types of attacks. (Study guide)
Additionally, noAuthNoPriv also provides authentication with a username. Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.pdf
However, looking at the examples in the source, you can clearly see that if you use a username, you also need a password. Hence, username with password seems like a valid choice as well.
Communities are also supported “for authentication” (Study guide 5th ed. Vol.1) – however, I personally find this “less” of an authentication than using user/pass as stated above. Hence, if only 2 options should be valid, I wouldn’t choose community string.
b) DES and AES are encryption mechanisms. DES is supported with SNMPv3 (Study guide + source above), as well as AES (http://www.snmp.com/snmpv3/snmpv3_intro.shtml) – also the 256bit version of AES.
Summary: A+C should definitely be valid, possibly even E, if 3 options should be chosen.
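An added example, not part of the original thread: how the SNMPv3 User-based Security Model (RFC 3414) ties the user's password to HMAC-SHA, which is why "SHA" and "username and password" describe the same authentication path. The password and engine ID are the RFC 3414 A.3.2 sample values; the message bytes are a constructed stand-in for an encoded SNMPv3 message, not real BER.

```python
import hashlib
import hmac


def password_to_key(password: bytes, algo: str = "sha1") -> bytes:
    """RFC 3414 A.2: hash 1 MiB of the repeated password to get the user key Ku."""
    if not password:
        raise ValueError("empty password")
    total = 1024 * 1024
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(algo, stream).digest()


def localize_key(ku: bytes, engine_id: bytes, algo: str = "sha1") -> bytes:
    """Bind Ku to one agent: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(kul: bytes, whole_msg: bytes, algo: str = "sha1") -> bytes:
    """HMAC-SHA-96 (or HMAC-MD5-96): HMAC over the message, truncated to 12 bytes."""
    return hmac.new(kul, whole_msg, algo).digest()[:12]


def verify(kul: bytes, whole_msg: bytes, tag: bytes, algo: str = "sha1") -> bool:
    """Receiver side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(auth_tag(kul, whole_msg, algo), tag)


# Sample inputs from RFC 3414 A.3.2.
ENGINE_ID = bytes.fromhex("000000000000000000000002")
KU = password_to_key(b"maplesyrup")
KUL = localize_key(KU, ENGINE_ID)

# Constructed message: the 12 zero bytes model the authParameters field,
# which is zero-filled while the HMAC is computed.
MSG = b"user=constructed-user;authParams=" + bytes(12) + b";pdu=get sysUpTime.0"
TAG = auth_tag(KUL, MSG)

if __name__ == "__main__":
    print("Kul:", KUL.hex())
    print("tag:", TAG.hex())
    print("valid:", verify(KUL, MSG, TAG))
    print("tampered:", verify(KUL, MSG.replace(b"get", b"set"), TAG))
```

The password never crosses the wire; only the username and the 12-byte tag do, and a community string has no equivalent keyed check.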
I bid CE.
You can still use community strings with v3 (however I am not sure if one can call it authentication). SHA-1 is a hashing algorithm used to hide the password in place of MD5. Moreover I am not sure about B – it may work also.
Agree. It is a poor question.
So I think I was looking at the previous question for the MD5 and SHA.
So this is confusing to me because it is asking about authentication and on the Cisco sites it says user-based authentication is MD5 and SHA. Encryption is DES or hashing algorithms are AES and DES.
Is this another trick CCIE V5 question where you have to read into it more than they are asking?
Another test site I found says A, C.