350-401 · Question #638
An engineer must protect the password for the VTY lines against over-the-shoulder attacks. Which configuration should be applied?
The correct answer is A. service password-ncryption. The question asks how to protect VTY line passwords from over-the-shoulder attacks, which means preventing them from being seen in plain text in the configuration.
Question
Options
- Aservice password-ncryption
- Busername netadmin secret 9 $9$vFpMf8elb4RVV8$seZ/bDA
- Cusername netadmin secret 7$1$42J36k33008Pyh4QzwXyZ4
- Dline vty 0 15 p3ssword XD822j
How the community answered
(44 responses)- A70% (31)
- B16% (7)
- C5% (2)
- D9% (4)
Why each option
The question asks how to protect VTY line passwords from over-the-shoulder attacks, which means preventing them from being seen in plain text in the configuration.
The `service password-encryption` command encrypts all unencrypted passwords in the running configuration, including those configured for VTY lines, using a weak type 7 encryption, which obfuscates them from casual viewing.
This command configures a username with a type 9 secret password (strong hash) for local user accounts, not directly protecting the VTY line password itself.
This command configures a username with a type 7 secret password (weak encryption) for local user accounts, not directly protecting the VTY line password.
This command sets a plain-text password for the VTY lines, which would be visible in the configuration and vulnerable to over-the-shoulder attacks without `service password-encryption`.
Concept tested: Cisco password encryption for configuration display
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_name_pwd/configuration/15-mt/sec-usr-name-pwd-15-mt-book/sec-usr-name-pwd-cfg.html#GUID-E182103E-B19F-4581-A6B1-D4222045A958
Topics
Community Discussion
No community discussion yet for this question.