Which statement correctly contrasts SNMP v2c and SNMP v3 regarding security features?

• A. v2c uses plaintext community strings for authentication; v3 adds user-based authentication.
• B. v2c uses encryption by default; v3 removes authentication.
• C. v3 offers no improvements over v2c.
• D. Both versions provide the same security mechanisms.

Answer: (A)

SNMPv2c relies on a community string for access control, and those strings are sent in plaintext, so there is no real authentication or encryption. SNMPv3 changes that by introducing a user-based security model: a user can be authenticated using cryptographic methods (like MD5 or SHA) and, optionally, the message can be encrypted for privacy. This means v3 not only verifies who is requesting data but can also protect the data in transit. The statement that v2c uses plaintext community strings for authentication and that v3 adds user-based authentication correctly captures this difference. The other options misstate the facts: v2c does not use encryption by default, v3 does not remove authentication, and the two versions do not provide identical security mechanisms.