An administrator wants to configure SNMPv3 on a FortiGate for secure monitoring. Which configuration is required?
Why this answer
SNMPv3 requires a user-based security model (USM) with authentication (e.g., SHA) and privacy (e.g., AES) protocols to provide integrity, authentication, and encryption. Without these, SNMPv3 cannot secure monitoring traffic, making option A the mandatory configuration.
Exam trap
The trap here is that candidates often think enabling SNMP on a specific interface or using ACLs is the primary security requirement, but SNMPv3's security is entirely user-based and requires explicit authentication and privacy protocols.
How to eliminate wrong answers
Option B is wrong because SNMP agent can be enabled on any interface, not only WAN, and the interface selection does not enforce security; SNMPv3 security is user-based, not interface-based. Option C is wrong because while access control lists can restrict SNMP access, they are not required for SNMPv3; the core requirement is the user with authentication and privacy. Option D is wrong because setting the community string to 'public' and enabling SNMPv1/v2c bypasses SNMPv3's security entirely, leaving monitoring unencrypted and unauthenticated.