The SecOps Group Certified Network Security Practitioner (CNSP) CNSP Question # 1 Topic 1 Discussion
Question #: 1
Topic #: 1
You are performing a security audit on a company's network infrastructure and have discovered the SNMP community string set to the default value of "public" on several devices. What security risks could this pose, and how might you exploit it?
A. The potential risk is that an attacker could use the SNMP protocol to gather sensitive information about the devices. You might use a tool like Snmpwalk to query the devices for information.
B. The potential risk is that an attacker could use the SNMP protocol to modify the devices' configuration settings. You might use a tool like Snmpset to change the settings.
SNMP (Simple Network Management Protocol) uses community strings as a basic form of authentication. The default read-only community string "public" is widely known, and if left unchanged, it exposes devices to unauthorized access. The primary risk with "public" is information disclosure, as it typically grants read-only access, allowing attackers to gather sensitive data (e.g., device configurations, network topology) without altering settings.
Why A is correct: With the "public" string, an attacker can use tools like snmpwalk to enumerate device details (e.g., system uptime, interfaces, or software versions) via SNMP queries. This aligns with CNSP’s focus on reconnaissance risks during security audits, emphasizing the danger of default credentials enabling passive data collection.
Why other options are incorrect:
B: While modifying settings is a risk with SNMP, the default "public" string is typically read-only. Changing configurations requires a read-write community string (e.g., "private"), which isn’t implied here. Thus, snmpset would not work with "public" alone.
C: Since B is incorrect in this context, C (both A and B) cannot be the answer.
D: The risk in A is valid, so "none of the above" is incorrect.
References: CNSP "Network Device Security" (Section on SNMP Security) highlights the reconnaissance risk of default "public" strings and tools like snmpwalk for exploitation, distinguishing read-only from read-write access.
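An audit-side check for the finding this question describes, added here as an example and not part of the original page: it scans a Net-SNMP `snmpd.conf` for default community strings and separates read-only from read-write grants. It assumes the audited hosts run Net-SNMP; the function name `audit_snmpd_conf` and the sample configuration are constructed for illustration.

```python
DEFAULT_STRINGS = {"public", "private"}          # well-known defaults named above
ANY_SOURCE = {"default", "0.0.0.0/0", "::/0"}    # Net-SNMP "any host" sources
DIRECTIVES = {"rocommunity": "read-only", "rocommunity6": "read-only",
              "rwcommunity": "read-write", "rwcommunity6": "read-write"}

# Constructed sample snmpd.conf, not taken from a real device.
SAMPLE_CONF = """\
# constructed sample
rocommunity public
rocommunity n0c-Mon1tor 10.0.5.0/24
rwcommunity private 10.0.5.10
com2sec readonly default public
rouser monitor authPriv
"""

def audit_snmpd_conf(text):
    """Return (line_no, access, community, source, issues) for risky lines."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        name = tok[0].lower()
        if name in DIRECTIVES and len(tok) >= 2:
            # rocommunity/rwcommunity COMMUNITY [SOURCE ...]; no source = any host
            access, community = DIRECTIVES[name], tok[1]
            source = tok[2] if len(tok) >= 3 else "default"
        elif name in ("com2sec", "com2sec6"):
            # com2sec [-Cn CONTEXT] SECNAME SOURCE COMMUNITY
            args = tok[3:] if tok[1:2] == ["-Cn"] else tok[1:]
            if len(args) < 3:
                continue
            access, source, community = "set by VACM access lines", args[1], args[2]
        else:
            continue  # SNMPv3 users and unrelated directives are out of scope
        issues = []
        if community.lower() in DEFAULT_STRINGS:
            issues.append("default community string")
        if source in ANY_SOURCE:
            issues.append("no source restriction")
        if access == "read-write":
            issues.append("community grants write access")
        if issues:
            findings.append((no, access, community, source, issues))
    return findings

if __name__ == "__main__":
    for finding in audit_snmpd_conf(SAMPLE_CONF):
        print(finding)
```

Lines flagged only for write access or only for an open source are still worth review; the remediation for all of them is a non-default string with a source restriction, or SNMPv3 users in place of communities.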