Volume 2 - Chapter 10: Securing Network Devices Flashcards
What is the command that enables the encryption of existing configured passwords on a switch?
service password-encryption
A network engineer runs the command “show run | begin line con 0”, which returns the following response:
line con 0
password 7 070C285F4D06
login
How is the password for the console encrypted?
The password type of 7 indicates that this is a password encrypted with the “service password-encryption” command.
A network engineer enables password encryption, which results in the following configuration:
line con 0
password 7 9FDJS6RFN0F908S
login
The engineer then removes password encryption using the “no service password-encryption” command. What will be the output when the engineer performs a “show run”?
The command will produce the same output:
line con 0
password 7 9FDJS6RFN0F908S
login
Turning off password encryption does not remove the encryption for any currently configured passwords. The password needs to be manually changed.
Describe how IOS handles enable passwords when both of the following commands are configured:
* enable secret xxxxx
* enable password xxxxx
IOS will ignore the password command and only use the secret.
A network engineer does not configure an enable password or secret.
What will happen when logging into the switch console?
The user will enter privileged EXEC mode automatically.
Describe how passwords differ between the following:
* An enable password encrypted with the “service password-encryption” command
* A configured enable secret
When using the secret, the switch hashes the password using a hashing algorithm and does not store the unencrypted password.
What is the default enable secret hashing method in IOS?
MD5
A network engineer runs the command “show run | include enable secret” which returns the following response:
* enable secret 8 OE5EHoii16eG=
What does this output tell us about the currently configured enable credential?
The enable secret is hashed using SHA-256.
A network engineer runs the command “show run | include enable secret” which returns the following response:
* enable secret 5 OAAEHo8v16et=
What does this output tell us about the currently configured enable credential?
The enable secret is hashed using MD5.
A network engineer runs the command “show run | include enable secret” which returns the following response:
* enable secret 9 OAAEHo8v16et=
What does this output tell us about the currently configured enable credential?
The enable secret is hashed using Scrypt.
What is the command to change the algorithm-type for the enable secret?
enable algorithm-type type secret password
What is the default enable secret hashing method in IOS-XE?
Scrypt
True or False:
IOS supports using different password types (cleartext versus secret) for different users.
True, you can configure specific users with a password and other users with a secret.
However, you cannot configure a secret and a password for the same user.
What is the command to change the algorithm-type for a specific local user?
username username algorithm-type type secret password
What is the default hashing method for username secrets in IOS?
MD5