350-401 · Question #967
Which configuration protects the password for the VTY lines against over-the-shoulder attacks?
The correct answer is D. service password-encryption. To protect VTY line passwords from over-the-shoulder attacks by encrypting them in the configuration, the service password-encryption command is used.
Question
Options
- Aline vty 0 15
- Busername admin secret 7 6j809J23kpp438337113N7%e$
- Cline vty 0 4
- Dservice password-encryption
How the community answered
(39 responses)- B5% (2)
- C3% (1)
- D92% (36)
Why each option
To protect VTY line passwords from over-the-shoulder attacks by encrypting them in the configuration, the `service password-encryption` command is used.
The `line vty 0 15` command simply specifies the range of virtual terminal lines to configure; it does not encrypt passwords.
While `secret` passwords are encrypted using a strong (Type 5) hash, this command configures a specific local user password and does not affect unencrypted passwords configured elsewhere, such as with `password` on VTY lines.
The `line vty 0 4` command, similar to option A, only specifies a range of VTY lines and does not provide password encryption or protection.
The `service password-encryption` command encrypts all unencrypted passwords, including those configured with the `password` command on VTY lines, using a weak but irreversible Type 7 encryption. This obfuscates the passwords when viewing the configuration, protecting them from casual observation (over-the-shoulder attacks).
Concept tested: Cisco IOS password encryption for configuration
Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_authen/configuration/xe-3s/sec-usr-authen-xe-3s-book/sec-usr-authen-cfg.html
Topics
Community Discussion
No community discussion yet for this question.