Cisco CCNA mock exam questions sample test – Question 156

.Which two are the limitations of the service password-encryption command? (Choose two.)

A. It uses the MD5 algorithm for password hashing.
B. It uses the Vigenere cipher algorithm.
C. An observer cannot read the password when looking at the administrator’s screen.
D. The algorithm used by this command cannot protect the configuration files against detailed analysis by attackers.

Correct Answer: BD

Explanation:
The following are limitations of the service password-encryption command:
It uses the Vigenere cipher algorithm, which is simple in nature.
A cryptographer can easily crack the algorithm in a few hours.
The algorithm used by this command cannot protect the configuration files against detailed analysis by attackers.
The service password-encryption command does not use the MD5 algorithm for password hashing. The MD5 algorithm is used by the enable secret command.
The option stating that an observer cannot read the password when looking at the administrator’s screen is incorrect because this is an advantage of the service password-encryption
command.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening
References:
Cisco Documentation > Cisco IOS Security Command Reference, Release 12.4 > service password-encryption
Cisco > Tech Notes > Cisco Guide to Harden Cisco IOS Devices > Document ID: 13608