Which Cisco command keeps unauthorized users from viewing passwords in the router configuration file?
A.
enable secret
B.
enable password
C.
enable encryption
D.
service encryption
E.
service password-encryption
Explanation:
The service password-encryption global configuration mode command keeps unauthorized users from viewing
passwords in the router configuration file. The service password-encryption command encrypts all current and
future passwords configured on the router, including the line password, virtual terminal password, console
password, user name password, routing protocol passwords such as BGP neighbor passwords, the privileged
command password, and authentication key passwords. Moreover, it encrypts any future passwords created on
the router.
The encryption process occurs whenever the current configuration is built or a password is configured. The
service password-encryption command will cause the router configuration file to display encrypted characters
instead of passwords when the running-configuration or startup-configuration files are viewed.
The enable password command creates a password that will be required to enter privileged EXEC mode, but
the password will not be encrypted.
The enable secret command provides encryption to the enable mode passwords but does not apply globally to
all passwords configured on the router. It also does not encrypt any future passwords created on the router.
The enable encryption and service encryption commands are invalid.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardeningCisco > Cisco IOS Security Command Reference > service password-encryption
Cisco Tech Notes > Cisco IOS Password Encryption Facts > Document ID: 107614