Home > SNMP Questions

SNMP Questions

October 26th, 2018 Go to comments

Note: If you are not sure about SNMP, please read our SNMP tutorial.

Question 1


The user-based access control implemented by SNMPv3 is based on contexts and user names, rather than on IP addresses and community strings. It is a partial implementation of the view-based access control model (VACM).

Question 2


The first step we need to do when configuring an SNMPv3 user is to configure the server group to enable authentication for members of a specified named access list via the “snmp-server group” command. For example:

Router(config)# snmp-server group MyGroup v3 auth access snmp_acl

In this example, the SNMP server group MyGroup is configured to enable user authentication for members of the named access list snmp_acl.

Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv3.html

Question 3


Default values do not exist for authentication or privacy algorithms when you configure the SNMP commands. Also, no default passwords exist. The minimum length for a password is one character, although we recommend that you use at least eight characters for security. If you forget a password, you cannot recover it and must reconfigure the user. You can specify either a plain text password or a localized Message Digest 5 (MD5) digest.

Reference: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/snmp/configuration/xe-3se/3850/snmp-xe-3se-3850-book/nm-snmp-snmpv2c.pdf

Question 4


Three security models are available: SNMPv1, SNMPv2c, and SNMPv3. The security model combined with the security level  determine the security mechanism applied when the SNMP message is processed.

The command “show snmp group” displays the names of groups on the router and the security model, the status of the different views, and the storage type of each group. Below is an example of this command.


Reference: https://www.cisco.com/c/en/us/td/docs/switches/datacenter/sw/5_x/nx-os/system_management/configuration/guide/sm_nx_os_cg/sm_9snmp.html

Question 5


The “show snmp pending” command displays the current set of pending SNMP requests. It also displays the SNMP version used.

Router# show snmp pending
req id: 47, dest:, V2C community: public, Expires in 5 secs
req id: 49, dest:, V2C community: public, Expires in 6 secs
req id: 51, dest:, V2C community: public, Expires in 6 secs
req id: 53, dest:, V2C community: public, Expires in 8 secs


The “show snmp engineID” displays the identification of the local SNMP engine and all remote engines that have been configured on the router. The following example specifies 00000009020000000C025808 as the local engineID and 123456789ABCDEF000000000 as the remote engine ID, as the IP address of the remote engine (copy of SNMP) and 162 as the port from which the remote device is connected to the local device: 

Router# show snmp engineID
Local SNMP engineID: 00000009020000000C025808
Remote Engine ID           IP-addr          Port
123456789ABCDEF000000000     162

Question 6


SNMPv1/v2 can neither authenticate the source of a management message nor provide encryption. Without authentication, it is possible for nonauthorized users to exercise SNMP network management functions. It is also possible for nonauthorized users to eavesdrop on management information as it passes from managed systems to the management system. Because of these deficiencies, many SNMPv1/v2 implementations are limited to simply a read-only capability, reducing their utility to that of a network monitor; no network control applications can be supported. To correct the security deficiencies of SNMPv1/v2, SNMPv3 was issued as a set of Proposed Standards in January 1998. -> A is correct.

(Reference: http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_1-3/snmpv3.html)

The two additional messages are added in SNMP2 (compared to SNMPv1)

GetBulkRequest The GetBulkRequest message enables an SNMP manager to access large chunks of data. GetBulkRequest allows an agent to respond with as much information as will fit in the response PDU. Agents that cannot provide values for all variables in a list will send partial information. -> E is correct.

InformRequest The InformRequest message allows NMS stations to share trap information. (Traps are issued by SNMP agents when a device change occurs.) InformRequest messages are generally used between NMS stations, not between NMS stations and agents. -> C is correct.

Note: These two messages are carried over SNMPv3.

Question 7


You can assign views to community strings to limit which MIB objects an SNMP manager can access. The syntax to create a view record is shown below:

Router(config)# snmp-server view view-name oid-tree {included | excluded}

Reference: https://www.cisco.com/c/en/us/td/docs/ios/12_2/configfun/configuration/guide/ffun_c/fcf014.html

Comments (15) Comments
  1. December
    September 1st, 2017

    Where can I see the question for No. 4 and 5 because this can’t see in pdf file??

  2. The WISE
    March 25th, 2018


  3. vik
    June 15th, 2018

    somebody help me question and answer {email not allowed}

  4. Dany1
    June 24th, 2018

    Q5. Cisco did not implement command to show snmp version.
    If you want to run show snmp pending, you can’t until you run snmp-server manager command.
    # snmp-server manager
    To start the Simple Network Management Protocol (SNMP) manager process, use the snmp-server manager global configuration command. To stop the SNMP manager process, use the no form of this command#
    In that way Cisco router become snmp manager and process sends SNMP requests to agents and receives SNMP responses and notifications from agents. When the SNMP manager process is enabled, the router can query other SNMP agents and process incoming SNMP traps.
    Output of show snmp pending is link to that requests.

    Table 109 show snmp pending Field Descriptions Field


    req id ID number of the pending request.

    dest IP address of the intended receiver of the request.

    V2C community SNMP version 2C community string SEND with the request.

    Expires in

    Remaining time before request timeout expires.

  5. Anonymous
    July 10th, 2018

    Are the CCNA questions on 9tut up to date? A brother failed the exam today and i want him to resit but i need some dumps for him to practice before

  6. Anonymous
    July 12th, 2018

    hi everyone,

    Please send me the latest dump CCNA 200-125 to me if you’ll have, I am preparing for CCNA exam next month.

    guason (at) gmx . us , please


    October 15th, 2018

    Hello . Please send me a copy of latest 200-125 CCNA dumps to my email majosab2423 @ gmail . com . Thank you so much!

  8. Anonymous
    February 21st, 2019

    9tut please update i just failed because 60 percent of the questions are purely new

  9. CCNAmbigous
    April 11th, 2019

    Isn’t the Security model another way of saying snmp version?
    Show snmp group
    show snmp pending

  10. bill
    April 30th, 2019

    this question came up in icnd2 exam:

    Question 1

    Which version of SNMP first allowed user-based access?

    A. SNMPv3 with RBAC
    B. SNMPv3
    C. SNMPv1
    D. SNMPv2

    Answer: B

  11. Eric
    May 23rd, 2019

    I Passed with 957 today and Q6 was there.

  12. Davos
    May 26th, 2019

    @Eric Is the dump valid ?

  13. matt
    June 17th, 2019

    entirely outdated, theres about 4-6 different exams you may get from my understanding. Lots of new questions not on here.

    I aced labs and most of questions still only got 749.

  14. matt
    June 17th, 2019

    i guess i should restate my last comment,

    I believe all the labs on 9tut are valid and complete, there are a few new D&D, many new questions. You will likely not pass just memorizing this stuff.

  15. eleazar
    February 16th, 2020

    It would be great if there were a better explanation for all the questions, i have to memorize some of them

Add a Comment