Cisco CCNA mock exam questions sample test – Question 68

.Which Cisco command keeps unauthorized users from viewing passwords in the router configuration file?

A. enable secret
B. enable password
C. enable encryption
D. service encryption
E. service password-encryption

Correct Answer: E

Explanation:
The service password-encryption global configuration mode command keeps unauthorized users from viewing passwords in the router configuration file. The service passwordencryption
command encrypts all current and future passwords configured on the router, including the line password, virtual terminal password, console password, user name
password, routing protocol passwords such as BGP neighbor passwords, the privileged command password, and authentication key passwords. Moreover, it encrypts any future
passwords created on the router.
The encryption process occurs whenever the current configuration is built or a password is configured. The service password-encryption command will cause the router configuration
file to display encrypted characters instead of passwords when the running-configuration or startup-configuration files are viewed.
The enable password command creates a password that will be required to enter privileged EXEC mode, but the password will not be encrypted.
The enable secret command provides encryption to the enable mode passwords but does not apply globally to all passwords configured on the router. It also does not encrypt any
future passwords created on the router.
The enable encryption and service encryption commands are invalid.
Objective:
Infrastructure Security
Sub-Objective:
Configure, verify, and troubleshoot basic device hardening
References:
Cisco > Cisco IOS Security Command Reference > service password-encryption
Cisco Tech Notes > Cisco IOS Password Encryption Facts > Document ID: 107614