3.5 Device Passwords

Question 1

What are the two primary password levels?

Answer 1

User mode and privileged mode

Question 2

What two types of passwords can you put on user mode?

Answer 2

Console password and Virtual terminal password

Question 3

What does the VTY password mean?

Answer 3

Virtual terminal password

Question 4

What does the console password prevent someone from being able to do?

Answer 4

Limits who can access user mode through the console port

Question 5

What does the VTY password prevent someone from doing?

Answer 5

Restricts who can gain access to user mode through remote access

Question 6

What mode in the cisco cli allows you to change passwords?

Answer 6

Privileged mode

Question 7

Describe the Secure privileged exec access password

Answer 7

The password that restricts access to privileged exec mode is the most important password that you will set. This can be accomplished using the enable secret global configuration command with the password variable.

Question 8

Describe the Secure user exec access password

Answer 8

The exec mode password controls the ability to switch to configuration modes. There are two passwords that can be used. The enable password is stored in clear text in the config file. The enable secret password is encrypted and stored in the config file. To secure user exec access, the console port needs to be configured properly.

Question 9

Describe the Secure remote Telnet access password

Answer 9

The exec mode password controls the ability to switch to configuration modes. There are two passwords that can be used. The enable password is stored in clear text in the config file. The enable secret password is encrypted and stored in the config file. To secure user exec access, the console port needs to be configured properly.

Question 10

What does the command Router(config)#enable secret password do

Answer 10

Sets the encrypted password used for privileged mode access. The enable secret should always be used if it exists.

Question 11

What does the command Router(config)#enable password password do

Answer 11

Sets the unencrypted password for privileged mode access. This password is used if enable secret is not set.

Question 12

What does the command Router(config)#Line console interface do

Answer 12

This global config command allows a user to enter console configuration mode. The zero identifies the console interface (usually there is only one.)

Question 13

What does the command Router(config)#Line vty vty line 0 15 do

Answer 13

This global config command allows a user to enter line VTY mode.

Question 14

What does the command Router(config-line)#Login do

Answer 14

VTY access can be enabled using the login command.

Question 15

What does the command Router(config-line)#no enable secret
Router(config-line)#no enable password
Router(config-line)#no login
Router(config-line)#no password do

Answer 15

Removes the password. The no login command disables password checking.

Question 16

What does the command Service-password-encryption do

Answer 16

provides a basic level of encryption to all unencrypted passwords within the config file.

Question 17

What are the requirements for passwords on cisco devices?

Answer 17

Do not use the same password for all devices.
Do not use the same password for both your enable and enable secret passwords.
Passwords should be more than 8 characters long
Common words should not be used in passwords
Use a combination of letters, numbers, and symbols

Question 18

What is the first step in Password recovery?

Answer 18

Access ROMMON mode on your device. ROMMON mode can be accessed via a console by using a break sequence during the boot up process. Removing external flash memory while the device is turned off will also cause a device to boot in ROMMON mode.

Question 19

What is the second step inn Password recovery

Answer 19

Use the confreg 0x2142 command to set the configuration register to 0x2142 so the device will ignore the startup config file when the device is rebooted.

Question 20

What is the third step in password recovery

Answer 20

Use the reset command to restart the device.

Question 21

What is the fourth step in password recovery

Answer 21

When the device has finished restarting, copy the startup configuration file to the running configuration file using the copy startup-config running-config command.

Question 22

What is the fifth step in password recovery

Answer 22

Save updated configuration.

Question 23

What is the sixth step in password recovery

Answer 23

Configure all required passwords.

Question 24

what is the seventh step in password recovery

Answer 24

Use the confreg 0x2102 command to change the configuration register back to 0x2102 so the device will look to the startup config file on restart.

Question 25

What is the eighth step in password recovery

Answer 25

Reset the device. Upon restart, the device will use the reconfigured passwords to authenticate the user.

Question 26

What is the last step in password recovery

Answer 26

Use the show command to ensure that all changed configurations have been saved correctly.

Question 27

What command makes the cisco device ignore the startup config file when the device is rebooted?

Answer 27

confreg 0x2142

Question 28

After configuring a router to ignore the startup configuration when the device boots, what command would you use to tell the device to load the startup configuration upon boot?

Answer 28

confreg 0x2102