Sign Up
Log In
Home
discussion
Exam 200-301 Question id=5457 IP Services

You have implemented SNMP v3 in your network. After making the configuration changes, you find that technicians in the TECHS group cannot access the MIB. You execute the show run command and receive the following output that relates to SNMP:
<Output omitted> snmp-server group NORMAL v3 priv read NORMAL write NORMAL snmp-server group TECHS v3 priv read TECHS access 99 snmp-server group TRAP v3 priv snmp-server user NORMAL NORMAL v3 auth sha CISCO priv des56 CISCO snmp-server user TECHS TECHS v3 auth sha CISCO priv des56 CISCO snmp-server user TRAP TRAP v3 auth sha CISCO priv des56 CISCO snmp-server enable traps snmp linkup linkdown snmp-server host 155.1.146.100 traps version 3 priv TRAP
What is preventing the TECHS group from viewing the MIB?

A. The presence of the keyword priv in the command creating the RESTRICTED group
B. A mismatch between the authentication mechanism and the encryption type in the command creating the TECHS user
C. The absence of an access list defining the stations that can used by the TECHS group
D. The presence of the keyword auth in the command creating the TECHS user

The command that creates the TECHS group ends with the parameter access 99:

server group TECHS v3 priv read TECHS access 99

This indicates that the access list number 99 is specifying the IP addresses of the stations allowed to connect to the MIB for the group. Since the access list is missing from the configuration, no IP addresses will be allowed, and no connections can be made by the group.

The presence of the keyword priv in the command creating the TECHS group is not causing the issue. This keyword indicates that encryption (privacy) and authentication should both be used on all transmissions by the group.

In SMNPv3, there are three combinations of security that can be used:
* noAuthNoPriv- no authentication and no encryption; includes the noauth keyword in the configuration
* AuthNoPriv - messages are authenticated but not encrypted; includes the auth keyword in the configuration
* AuthPriv - messages are authenticated and encrypted; includes the priv keyword in the configuration

There is no mismatch between the authentication mechanism and the encryption type in the command creating the TECHS user.

snmp-server user TECHS TECHS v3 auth sha CISCO priv des56 CISCO

In the preceding command, the section auth sha CISCO specified that messages are authenticated using SHA with a key of CISCO. It does not need to the match the section priv des56 CISCO, which indicates that encryption (priv) will be provided using DES56 with a key of CISCO.

The presence of the keyword auth in the command creating the TECHS user is not causing the issue. This line indicates that that messages are authenticated using SHA with a key of CISCO.