Which statement describes a result of securing the Cisco IOS image using the Cisco IOS image
resilience feature?
A. The show version command does not show the Cisco IOS image file location.
B. The Cisco IOS image file is not visible in the output from the show flash command.
C. When the router boots up, the Cisco IOS image is loaded from a secured FTP location.
D. The running Cisco IOS image is encrypted and then automatically backed up to the NVRAM.
E. The running Cisco IOS image is encrypted and then automatically backed up to a TFTP server.
Explanation:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_book.html
secure boot-config
To take a snapshot of the router running configuration and securely archive it in persistent storage,
use the secure boot-config command in global configuration mode. To remove the secure
configuration archive and disable configuration resilience, use the no form of this command.
secure boot-config [restore filename]
no secure boot-config
Usage Guidelines
Without any parameters, this command takes a snapshot of the router running configuration and
securely archives it in persistent storage. Like the image, the configuration archive is hidden and
cannot be viewed or removed directly from the command-line interface (CLI) prompt. It is
recommended that you run this command after the router has been fully configured to reach a
steady state of operation and the running configuration is considered complete for a restoration, if
required. A syslog message is printed on the console notifying the user of configuration resilience
activation. The secure archive uses the time of creation as its filename. For example,
.runcfg-20020616-081702.ar was created July 16 2002 at 8:17:02.
The restore option reproduces a copy of the secure configuration archive as the supplied filename
(disk0:running-config, slot1:runcfg, and so on). The restore operation will work only if configuration
resilience is enabled. The number of restored copies that can be created is unlimited.
The no form of this command removes the secure configuration archive and disables configuration
resilience.
An enable, disable, enable sequence has the effect of upgrading the configuration archive if any
changes were made to the running configuration since the last time the feature was disabled.
The configuration upgrade scenario is similar to an image upgrade. The feature detects a different
version of Cisco IOS and notifies the user of a version mismatch. The same command can be run to
upgrade the configuration archive to a newer version after new configuration commands
corresponding to features in the new image have been issued.
The correct sequence of steps to upgrade the configuration archive after an image upgrade is as
follows:
• Configure new commands
• Issue the secure boot-config command
secure boot-image
To enable Cisco IOS image resilience, use the secure boot-image command in global configuration
mode. To disable Cisco IOS image resilience and release the secured image so that it can be safely
removed, use the no form of this command.
secure boot-image
no secure boot-image
Usage Guidelines
This command enables or disables the securing of the running Cisco IOS image. The following two
possible scenarios exist with this command.
• When turned on for the first time, the running image (as displayed in the show version command
output) is secured, and a syslog entry is generated. This command will function properly only when
the system is configured to run an image from a disk with an Advanced Technology Attachment
(ATA) interface. Images booted from a TFTP server cannot be secured. Because this command has
the effect of “hiding” the running image, the image file will not be included in any directory listing of
the disk. The no form of this command releases the image so that it can be safely removed.
• If the router is configured to boot up with Cisco IOS resilience and an image with a different version
of Cisco IOS is detected, a message similar to the following is displayed at bootup:
ios resilience :Archived image and configuration version 12.2 differs from running version 12.3.
Run secure boot-config and image commands to upgrade archives to running version.
To upgrade the image archive to the new running image, reenter this command from the console. A
message will be displayed about the upgraded image. The old image is released and will be visible in
the dir command output.
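A defender-side check built on the boot-time notice quoted above, as an added example that is not part of the Cisco documentation: it scans saved console captures for the version-mismatch notice, which signals that the secured image and configuration archives no longer match the running release. The device names and sample captures are constructed, the function names are hypothetical, and captures are assumed to be in chronological order.

```python
import re

# Boot-time notice as quoted in the command reference above. Console captures
# wrap long lines and vary the spacing around the colon, so every gap is \s+
# or \s* and the pattern runs over the whole capture, not line by line.
NOTICE = re.compile(
    r"ios\s+resilience\s*:\s*Archived\s+image\s+and\s+configuration\s+"
    r"version\s+(\S+)\s+differs\s+from\s+running\s+version\s+(\S+)",
    re.IGNORECASE,
)

# Commands the notice asks the operator to re-enter (global configuration mode).
REARCHIVE = ("secure boot-image", "secure boot-config")


def find_stale_bootsets(console_text):
    """Return one (archived_version, running_version) pair per notice found."""
    pairs = []
    for m in NOTICE.finditer(console_text):
        archived = m.group(1)
        running = m.group(2).rstrip(".")  # drop the sentence-ending period
        pairs.append((archived, running))
    return pairs


def audit(captures):
    """Map device name -> finding for devices whose archives lag the running image."""
    report = {}
    for device, text in captures.items():
        pairs = find_stale_bootsets(text)
        if pairs:
            # Assumption: the capture is chronological, so the last notice
            # belongs to the most recent boot.
            archived, running = pairs[-1]
            report[device] = {"archived": archived, "running": running,
                              "reenter": list(REARCHIVE)}
    return report


# Constructed sample captures (device names and surrounding lines are made up).
SAMPLE = {
    "edge-rtr-1": "(boot output)\nios resilience :Archived image and configuration "
                  "version 12.2 differs from running\nversion 12.3.\nRun secure "
                  "boot-config and image commands to upgrade archives to running version.\n",
    "edge-rtr-2": "(boot output)\nPress RETURN to get started!\n",
}

if __name__ == "__main__":
    for device, finding in audit(SAMPLE).items():
        print(device, finding)
```

A device that appears in the report is still protected by archives taken under the older release until both commands are re-entered from the console.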