HPE Aruba Certified Edge Associate (ACEA) — Question 5

Several AOS-CX switches are responding to SNMPv2 GET requests for the public community. The customer only permits SNMPv3. You have asked a network admin to fix this problem. The admin says, “I tried to remove the community, but the CLI output an error.”
What should you recommend to remediate the vulnerability and meet the customer’s requirements?

Answer options

• A. Enabling control plane policing to automatically drop SNMP GET requests
• B. Setting the snmp-server settings to “snmpv3-only”
• C. Adding an SNMP community with a long random name
• D. Enabling SNMPv3, which implicitly disables SNMPv1/v2

Correct answer: B

Explanation

The correct answer is B because setting the snmp-server settings to 'snmpv3-only' ensures that only SNMPv3 requests are processed, effectively eliminating the vulnerability associated with SNMPv2. Options A and D are not direct solutions to the problem, as A focuses on dropping requests rather than configuring the protocol, and D does not address the current configuration issue. Option C does not resolve the underlying problem, as adding a community with a random name does not enforce the use of SNMPv3.