
HP Exam HPE6-A84 Topic 6 Question 24 Discussion

Actual exam question for HP's HPE6-A84 exam
Question #: 24
Topic #: 6

Several AOS-CX switches are responding to SNMPv2 GET requests for the public community. The customer only permits SNMPv3. You have asked a network admin to fix this problem. The admin says, "I tried to remove the community, but the CLI output an error."

What should you recommend to remediate the vulnerability and meet the customer's requirements?

Suggested Answer: B

Option B, setting the snmp-server settings to "snmpv3-only", is correct because SNMPv3 is a secure version of SNMP that provides authentication, encryption, and access control for network management. SNMPv3-only is a configuration option on AOS-CX switches that disables SNMPv1 and SNMPv2c, which are insecure versions of SNMP that use plain text community strings for authentication. With the snmp-server settings set to "snmpv3-only", the switch responds only to SNMPv3 requests and rejects any SNMPv1 or SNMPv2c requests, which remedies the vulnerability and meets the customer's requirements.

A) Enabling control plane policing to automatically drop SNMP GET requests. This is not a valid recommendation because control plane policing is a feature that protects the switch from denial-of-service (DoS) attacks by limiting the rate of traffic sent to the CPU. Control plane policing does not disable SNMPv1 or SNMPv2c, but rather applies a rate limit to all SNMP requests, regardless of the version. Moreover, control plane policing might also drop legitimate SNMP requests if they exceed the rate limit, which could affect the network management.

C) Adding an SNMP community with a long random name. This is not a valid recommendation because an SNMP community is a shared secret that acts as a password for accessing network devices using SNMPv1 or SNMPv2c. Adding an SNMP community with a long random name does not disable SNMPv1 or SNMPv2c, but rather creates another community string that can be used for authentication. Moreover, adding an SNMP community with a long random name does not improve the security of SNMPv1 or SNMPv2c, as the community string is still transmitted in plain text and can be intercepted by an attacker.

D) Enabling SNMPv3, which implicitly disables SNMPv1/v2. This is not a valid recommendation because enabling SNMPv3 does not implicitly disable SNMPv1 or SNMPv2c on AOS-CX switches. Enabling SNMPv3 only adds support for the secure version of SNMP, but does not remove support for the insecure versions. Therefore, enabling SNMPv3 alone does not remedy the vulnerability or meet the customer's requirements.
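
A post-change check for the remediation described above, as an added example that is not part of the original page: it sends the same kind of SNMPv2c GET for the public community that the switches were answering and reports whether a community-based reply still comes back. The function names and the choice of sysDescr.0 as the queried object are assumptions of this sketch.

```python
import socket

SYS_DESCR_0 = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # OID 1.3.6.1.2.1.1.1.0

def tlv(tag, payload):
    """BER tag-length-value; this probe only ever needs short-form lengths."""
    if len(payload) > 127:
        raise ValueError("payload too long for short-form length")
    return bytes([tag, len(payload)]) + payload

def build_v2c_get(community, request_id=1):
    """SNMPv2c GetRequest (version field = 1) for sysDescr.0."""
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_0) + tlv(0x05, b""))
    pdu = tlv(0xA0, tlv(0x02, bytes([request_id & 0x7F])) + tlv(0x02, b"\x00")
              + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, community.encode()) + pdu)

def read_len(buf, i):
    """Decode a BER length at buf[i]; return (length, index of first value byte)."""
    if buf[i] < 0x80:
        return buf[i], i + 1
    n = buf[i] & 0x7F
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), i + 1 + n

def snmp_version(datagram):
    """Return 'v1', 'v2c' or 'v3' from the message header, else None."""
    try:
        if datagram[0] != 0x30:
            return None
        _, i = read_len(datagram, 1)
        if datagram[i] != 0x02:
            return None
        n, i = read_len(datagram, i + 1)
        if n == 0 or i + n > len(datagram):
            return None
        return {0: "v1", 1: "v2c", 3: "v3"}.get(int.from_bytes(datagram[i:i + n], "big"))
    except IndexError:
        return None

def answers_v2c(host, community="public", port=161, timeout=2.0):
    """True if the host still answers a community-based GET (finding is open)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_v2c_get(community), (host, port))
            reply, _ = s.recvfrom(4096)
        except OSError:  # timeout or ICMP unreachable: no answer
            return False
    return snmp_version(reply) in ("v1", "v2c")
```

Run `answers_v2c()` against each switch management address after the change; a switch that accepts only SNMPv3 should give no reply, so the function returns `False`.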


Contribute your Thoughts:

Denise
3 months ago
I believe option B could work, but option D provides a more comprehensive solution.
upvoted 0 times
...
Dalene
3 months ago
I'd recommend option D. Enabling SNMPv3 is the equivalent of a superhero cape for your network security.
upvoted 0 times
...
Brendan
3 months ago
Option B is like trying to put a bandaid on a broken leg. Gotta go all-in with SNMPv3 to really fix this problem.
upvoted 0 times
Zena
2 months ago
Let's go ahead and enable SNMPv3 to address the vulnerability.
upvoted 0 times
...
Maybelle
2 months ago
Agreed, SNMPv3 is the best solution to meet the customer's requirements.
upvoted 0 times
...
Arleen
3 months ago
Option B is a temporary fix, we need to fully switch to SNMPv3.
upvoted 0 times
...
...
Lindsey
3 months ago
But wouldn't setting snmp-server settings to 'snmpv3-only' be a quicker solution?
upvoted 0 times
...
Kris
3 months ago
I'd go with option D. Disabling SNMPv1/v2 is like putting a lid on a boiling pot - it's the safest way to handle this situation.
upvoted 0 times
...
Gearldine
3 months ago
Enabling SNMPv3 is the only way to ensure the customer's requirements are met. Plus, it's a great way to keep those pesky hackers at bay.
upvoted 0 times
Celeste
2 months ago
Yes, enabling SNMPv3 is the best solution to meet the customer's requirements.
upvoted 0 times
...
Cletus
2 months ago
D) Enabling SNMPv3, which implicitly disables SNMPv1/v2
upvoted 0 times
...
Tawny
2 months ago
That's a good idea. It will ensure only SNMPv3 is permitted.
upvoted 0 times
...
Aja
3 months ago
B) Setting the snmp-server settings to "snmpv3-only"
upvoted 0 times
...
...
Millie
4 months ago
I agree, enabling SNMPv3 will meet the customer's requirements.
upvoted 0 times
...
Maryann
4 months ago
Haha, the admin must have been trying to remove the community with a sledgehammer instead of a scalpel. Option D is clearly the way to go here.
upvoted 0 times
Alonzo
2 months ago
Enabling SNMPv3 is the right move. It will solve the issue.
upvoted 0 times
...
Juliann
2 months ago
Yeah, SNMPv3 is more secure. The admin should try that.
upvoted 0 times
...
Hillary
2 months ago
Option D is definitely the best choice. SNMPv3 is the way to go.
upvoted 0 times
...
Wayne
3 months ago
The admin should focus on enabling SNMPv3 to fix the problem.
upvoted 0 times
...
Malika
3 months ago
Yeah, SNMPv3 is the way to go. It will meet the customer's requirements.
upvoted 0 times
...
Yolando
3 months ago
Option D is the best choice. Enabling SNMPv3 will solve the issue.
upvoted 0 times
...
...
Stephen
4 months ago
I think option D is the best choice.
upvoted 0 times
...
