Options C and D configure a new password that is already encrypted.
Example: "username netadmin secret 7 $1$42J31k98867Pyh4QzwXyZ4".
"$1$42J31k98867Pyh4QzwXyZ4" is the encrypted version of the password using Vigenère cipher encryption.
Option A configures a cleartext password on the VTY lines.
Option B is correct: "service password-encryption" encrypts all cleartext passwords, including those configured for the VTY lines.
Sir you got it wrong .
On older IOS versions you need to type this 2 lines of code so you can unlock the second part .
Config example:
R6(config)#key config-key password-encrypt <STRONG-PASSWORD>
R6(config)#password encryption aes
(config)# username admin secret ?
0 Specifies an UNENCRYPTED secret will follow
5 Specifies a MD5 HASHED secret will follow
8 Specifies a PBKDF2 HASHED secret will follow
9 Specifies a SCRYPT HASHED secret will follow
LINE The UNENCRYPTED (cleartext) user secret
Type 9 is the strongest encryption algorithm on IOS devices , some crypto currencies use this algorithm , read about it you will like it . IT's strong vs parallelism attacks . ( attacks using APICs to brute force attack passwords.)
Only Option 'B' will encrypt previously configured passwords. Any new password configured after the command "password-encryption" is enabled will also be encrypted.
B is the correct one. The command provides weak encryption but it is enough to avoid shoulder surfing attacks.
C and D are more secure option but they are for local user authentication on VTY, not for password authentication on VTY as the question asks.
A configures the password in clear text with no protection
This is referring to the password under the VTY lines, meaning that we are using the password command under line vty 0 15, and to protect that password from over-the-shoulder attacks when we issue a show run we have to use service password-encryption. This is also in Question #721, where the only correct answer is service password-encryption as well.
B - When you use the "service password-encryption" command, any clear-text passwords that are set using the "line vty 0 15 password" command or similar commands will be encrypted. This means that when you look at the configuration file or monitor the console, you will not see the actual password, but rather an encrypted representation of it.
Going with B,
The question asks "protect the password for the VTY". So taking specifically from the VTY config point of view. The VTY password will be encrypted when service password-encryption. The question is not asking about username and password, IMO
I go for D - Type 9 is the bp and I don't use cleartext
https://community.cisco.com/t5/networking-knowledge-base/understanding-the-differences-between-the-cisco-password-secret/ta-p/3163238
I go for D. The password is already entered hashed and therefore protected also while the Engineers is typing the command.
C is not recommended due to weak hashing. B. is hashing the password after is was typed in clear text.
cisco(config)#username test privilege 15 password test777
cisco(config)#do s running-config | include user
username test privilege 15 password 0 test777
cisco(config)#service password-encryption
cisco(config)#do s running-config | include user
username test privilege 15 password 7 044F0E151B761B19
cisco(config)#
cisco(config)#do wr
Building configuration...
[OK]
cisco(config)#
This question is asking how to protect the password for the VTY lines, meaning that you have the password command directly under the VTY lines. No username is used. And to protect that password from over-the-shoulder attacks, you have to use service password encryption.
upvoted 2 times
...
...
...
This section is not available anymore. Please use the main Exam Page.350-401 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
AbdullahMohammad251
7 months agomatass_md
2 months, 2 weeks agoAbdullahMohammad251
7 months ago[Removed]
11 months, 2 weeks agoamadeu
1 year agoClaudiu1
1 year, 2 months agoBurik
1 year, 10 months agoCesar12345
1 year, 11 months agoNickplayany
2 years, 2 months agosinaghozati
2 years, 2 months agosnarkymark
2 years, 3 months agoeff3
2 years, 3 months agoRose66
2 years, 3 months agoStefanOT2
2 years, 3 months agonushadu
2 years, 4 months agoStefanOT2
2 years, 3 months agoBurik
1 year, 10 months ago