SNMP is a protocol used to query hosts, servers, and devices about performance or health status
data. This protocol has long been used by hackers to gather great amount of information about
remote hosts.
Which of the following features makes this possible? (Choose two)
A.
It used TCP as the underlying protocol.
B.
It uses community string that is transmitted in clear text.
C.
It is susceptible to sniffing.
D.
It is used by all network devices on the market.
Explanation:
Simple Network Management Protocol (SNMP) is a protocol which can be used by
administrators to remotely manage a computer or network device. There are typically 2 modes of
remote SNMP monitoring. These modes are roughly ‘READ’ and ‘WRITE’ (or PUBLIC and
PRIVATE). If an attacker is able to guess a PUBLIC community string,they would be able to read
SNMP data (depending on which MIBs are installed) from the remote device. This information
might include system time,IP addresses,interfaces,processes running,etc. Version 1 of SNMP has
been criticized for its poor security. Authentication of clients is performed only by a “community
string”,in effect a type of password,which is transmitted in cleartext.
Just for thinking about:
1) Ethernet protocol is susceptible to sniffing. SNMP uses 161 UDP port/IP/Ethernet. And the data is transmitted in clear text => sniffing.
2) What does ALL network devices mean? (And who knows about ALL and “noname” devices on the market all over the world?)
HUBs? Absolutely NOT. Switches and Routers? NOT, at least not all of them. Especially cheap “noname” devices (as non configurable switches). All of it can carry SNMP as traffic, but it is not asked in question.
I suggest B and C.
D is definetly a wrong answer.
B and C are correct.
Correct is B and C
As shown here, the real answers are B and C
http://www.aiotestking.com/ec-council/which-of-the-following-features-makes-this-possible-2/