nerdexam
Cisco

350-401 · Question #967

Which configuration protects the password for the VTY lines against over-the-shoulder attacks?

The correct answer is D. service password-encryption. To protect VTY line passwords from over-the-shoulder attacks by encrypting them in the configuration, the service password-encryption command is used.

Submitted by carlos_mx· Mar 6, 2026Security

Question

Which configuration protects the password for the VTY lines against over-the-shoulder attacks?

Options

  • Aline vty 0 15
  • Busername admin secret 7 6j809J23kpp438337113N7%e$
  • Cline vty 0 4
  • Dservice password-encryption

How the community answered

(39 responses)
  • B
    5% (2)
  • C
    3% (1)
  • D
    92% (36)

Why each option

To protect VTY line passwords from over-the-shoulder attacks by encrypting them in the configuration, the `service password-encryption` command is used.

Aline vty 0 15

The `line vty 0 15` command simply specifies the range of virtual terminal lines to configure; it does not encrypt passwords.

Busername admin secret 7 6j809J23kpp438337113N7%e$

While `secret` passwords are encrypted using a strong (Type 5) hash, this command configures a specific local user password and does not affect unencrypted passwords configured elsewhere, such as with `password` on VTY lines.

Cline vty 0 4

The `line vty 0 4` command, similar to option A, only specifies a range of VTY lines and does not provide password encryption or protection.

Dservice password-encryptionCorrect

The `service password-encryption` command encrypts all unencrypted passwords, including those configured with the `password` command on VTY lines, using a weak but irreversible Type 7 encryption. This obfuscates the passwords when viewing the configuration, protecting them from casual observation (over-the-shoulder attacks).

Concept tested: Cisco IOS password encryption for configuration

Source: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_usr_authen/configuration/xe-3s/sec-usr-authen-xe-3s-book/sec-usr-authen-cfg.html

Topics

#service password-encryption#VTY lines#credential protection#CLI security

Community Discussion

No community discussion yet for this question.

Full 350-401 Practice