nerdexam
Cisco

350-401 · Question #75

Which method does the enable secret password option use to encrypt device passwords?

The correct answer is D. MD5. MD5 (Message Digest 5) is the hashing algorithm used by Cisco's enable secret command to encrypt passwords stored in the device configuration. Unlike the weaker enable password command (which uses Type 7 reversible encoding), enable secret applies a one-way MD5 hash, making it si

Submitted by yousef_jo· Mar 6, 2026Security

Question

Which method does the enable secret password option use to encrypt device passwords?

Options

  • AAES
  • BCHAP
  • CPAP
  • DMD5

How the community answered

(14 responses)
  • C
    7% (1)
  • D
    93% (13)

Explanation

MD5 (Message Digest 5) is the hashing algorithm used by Cisco's enable secret command to encrypt passwords stored in the device configuration. Unlike the weaker enable password command (which uses Type 7 reversible encoding), enable secret applies a one-way MD5 hash, making it significantly more secure.

Why the distractors are wrong:

  • A (AES): AES is a symmetric encryption algorithm used in protocols like WPA2 and IPsec, not in the enable secret command.
  • B (CHAP): CHAP (Challenge Handshake Authentication Protocol) is a PPP authentication protocol used for dial-up/WAN connections, not password storage encryption.
  • C (PAP): PAP (Password Authentication Protocol) is another PPP authentication method that actually sends credentials in plaintext, making it the least secure option of the bunch.

Memory Tip: Think "Secret = MD5" - both words have a "hidden/one-way" theme. You can also remember that enable secret produces a hash string beginning with $1$ in Cisco configs, which is the standard indicator for MD5 hashing. If you see a 32-character hex-like string in the config, that's your MD5 fingerprint!

Topics

#Cisco IOS security#Password hashing#MD5 algorithm#enable secret command

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice