Snmpv3 User Based Security Model — Test 1

Correct Answer: A. A. Access control
Explanation: Access control is a security technique that allows users the access and also grants them the permission to make necessary changes in the data. The access control is divided majorly into two types. Those are: 1) Physical access control and 2) Logical access control.

Correct Answer: B. B. False
Explanation: Four type of threats exist to network management information while it is being transported from one management entity to another. Those are: (1) modification of information, (2) masquerade, (3) message stream modification, and (4) disclosure.

Correct Answer: B. B. Vacm (view-based access control model)
Explanation: In SNMPv3 access control has been made more flexible and secure. VACM defines a set of services that an application in an agent can use to validate command requests and notification receivers. Thus, VACM defines collections of data, groups of users of the data, and access statements.

Correct Answer: D. D. Authoritative
Explanation: An SNMP engine that acts in the role of an agent is the designated authoritative SNMP engine. An authoritative SNMP engine is responsible for the accuracy of the time-stamp and a unique SNMP engine ID in each message.

Correct Answer: C. C. An unauthorized user sends information to another assuming the identity of an authorized user
Explanation: Masquerade is when an unauthorized user sends information to another assuming the identity of an authorized user. This can be done by changing the originating address. Using the masquerade and modification of information, an unauthorized user can perform an operation on a management entity, which he or she is not permitted to do. The SNMP set operation should be protected against this attack.

Correct Answer: D. D. Hmac-mds-96, hmac-sha-96
Explanation: HMAC-MDS-96 and HMACSHA-96 are the two algorithms recommended in SNMPv3 for developing the key from the password. The first letter in the designation stands fur the cryptographic hash function (H) used for generating the Message Access Code (MAC). The second part in the designation is the bashing algorithm used, the first one being the MDS hashing algorithm, and the second one the SHA-1 hashing algorithm to generate MAC.

Correct Answer: B. B. False
Explanation: The first eight octets of the 16-octet privacy key are used to create the DES key. The DES key is only 56 bits long and hence the least significant bit of each octet in the privacy key is discarded.

Correct Answer: C. C. Request
Explanation: The discovery of agents in the agents by NMS, in the network is accomplished by generating a Request message with a security level of no-authentication and no-privacy, a user name of “initial,” an authoritative SNMP engine ID of zero length, and a varBind list that is empty.

Correct Answer: D. D. It determines the access rights to objects as read-view, write-view, and notify-view
Explanation: The access policy determines the access rights to objects as read-view, write-view, and notify-view. For a given groupName, contextName, securityModel and securityLevel, that group’s access rights are defined by either the combination of the three views or not-accessible.

Correct Answer: A. A. Context
Explanation: There are five elements of VACM model. They are: (I) groups, (2) security level (3) contexts, (4) MIB views and view families, and (5) access policy. An SNMP context is a collection of management information accessible by an SNMP entity. An SNMP entity has access to potentially more than one context. Each SNMP engine has a context table that lists the locally available contexts by contextName.