Which two practices should you implement to increase SNMPv1 security? (Choose two.)
Click on the arrows to vote for the correct answer
A. B. C. D.BC.
SNMPv1 (Simple Network Management Protocol version 1) is an outdated protocol that is still used in some network devices for monitoring and management purposes. However, it has some security vulnerabilities, such as plain text community strings that are used for authentication and authorization, and lack of encryption for confidential data.
To increase SNMPv1 security, you should implement the following two practices:
Use ACLs to allow only specific IP addresses to poll SNMP: Access Control Lists (ACLs) allow you to control which IP addresses are allowed to access SNMP data. By using ACLs, you can restrict access to SNMP data to only authorized devices or hosts. This reduces the risk of unauthorized access and ensures that SNMP data is only accessible to authorized users.
Use a combination of alphanumeric characters for the community strings: Community strings are used for SNMPv1 authentication and authorization. By default, community strings are transmitted in plain text, which makes them vulnerable to interception and eavesdropping. To increase the security of SNMPv1, you should use community strings that are difficult to guess, such as a combination of alphanumeric characters. This reduces the risk of unauthorized access to SNMP data.
Option A, "Restrict access to the specific SNMP engine IDs in use", is not a recommended practice because it is difficult to manage and can cause issues when configuring SNMP agents or managers.
Option C, "Use a combination of alphanumeric characters for the community strings", is a recommended practice as discussed above.
Option D, "Use SNMP encryption for transport confidentiality", is not applicable to SNMPv1 because it does not support encryption. However, it is applicable to newer versions of SNMP, such as SNMPv3.