Which Cisco command keeps unauthorized users from viewi…

Which Cisco command keeps unauthorized users from viewing passwords in the router configuration file?

Which Cisco command keeps unauthorized users from viewing passwords in the router configuration file?

A.
enable secret

B.
enable password

C.
enable encryption

D.
service encryption

E.
service password-encryption

Explanation:
The service password-encryption global configuration mode command keeps unauthorized users from viewing
passwords in the router configuration file. The service password-encryption command encrypts all current and
future passwords configured on the router, including the line password, virtual terminal password, console
password, user name password, routing protocol passwords such as BGP neighbor passwords, the privileged
command password, and authentication key passwords. Moreover, it encrypts any future passwords created on
the router.
The encryption process occurs whenever the current configuration is built or a password is configured. The
service password-encryption command will cause the router configuration file to display encrypted characters
instead of passwords when the running-configuration or startup-configuration files are viewed.
The enable password command creates a password that will be required to enter privileged EXEC mode, but
the password will not be encrypted.
The enable secret command provides encryption to the enable mode passwords but does not apply globally to
all passwords configured on the router. It also does not encrypt any future passwords created on the router.
The enable encryption and service encryption commands are invalid.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening

Cisco > Cisco IOS Security Command Reference > service password-encryption
Cisco Tech Notes > Cisco IOS Password Encryption Facts > Document ID: 107614



Leave a Reply 0

Your email address will not be published. Required fields are marked *