Refer to the exhibit. A network engineer is deploying SNMP configuration on client's routers. Encrypted authentication must be included on router 1 to provide security and protect message confidentiality. Which action should the engineer perform on the routers to accomplish this task?
To provide security and protect message confidentiality through encrypted authentication, the appropriate command would be to set the user to use authentication with encryption. This can be accomplished with the command 'snmp-server user testuser group1 remote 192.168.0.254 v3 auth md5 testpassword'. This command specifies authenticated communication using MD5 for encryption, thus fulfilling the requirement for encrypted authentication.
I think D is correct. The question mentions 'encrypted authentication'. I cannot find any encryption option available for group authentication. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/5700/snmp-xe-3se-5700-book/nm-snmp-snmpv3.pdf => on page 5 the snmp-server group and snmp-server user commands are explained
You would need both B and D to make this correct. https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/15-e/snmp-15-e-book.pdf Page 8 has this same exhibit, can clearly see it is for noauth. Right below is the example for auth, would would be answers B and D. Page 2 you can clearly see auth is for authentication encryption. Page 3 also shows that there is no mix and matching from server to router configuration. You can't have no auth and received an auth password, or an auth password with noauth without getting an error.
The "snmp-server user testuser group1 remote 192.168.0.254" line from the exhibit will not be accepted without at least "v3" keyword, so this eliminates B. I tested the configuration on a router, and user authentication works if entered as in D.
Agree B and D
Option D achieves the goal. The group sets the min security level for all users. From the snip, the min level is no auth. No need to change it to auth. What is needed is to define users with a no auth or higher security level. Option D creates a user with a higher security level.
This question is asking if you know how the router will handle a mismatch of the security level between the group and user. The group defines the MINIMUM security level. The user is allowed to be more secure than the group. This makes D the correct answer.
no of option should be 2. ans B and D
It's B the question say "Encrypted authentication must be included on router 1 to provide security and protect message confidentiality." but in the config apper " snmp-server groups groups1 v3 noauth"
must be D. Look at the command reference for snmp-server user https://www.cisco.com/c/en/us/td/docs/routers/crs/software/crs_r4-3/system_management/command/reference/b_sysman_cr43crs/b_sysman_cr43crs_chapter_01111.html#wp1211841131
I think D is correct. If you look at the following group configuration, you will notice that it is giving permissions based on authenticated/nonauthenticated conditions of the users snmp-server group group1 v3 noauth read cc write cc access allowed2 snmp-server group group1 v3 auth read dd write dd access allowed1