Back to CCNA 200-301

CCNA 200-301 · Security Fundamentals (15%)

Device Security

Device Security: Device Access and Passwords > Exam relevance: Device security — specifically the SSH configuration sequence — is a guaranteed simulation topic on the CCNA 200-301 exam. Expect at least one hands-on simulation requiring you to secure a router or switch from scratch, plus MCQs testing the distinctions between password types and access methods. --- ## Why Device Security Matters Every Cisco device you configure is a potential attack surface. If an unauthorized user gains CLI access, they can reroute traffic, disable interfaces, or exfiltrate data. The CCNA exam tests whether you can lock down that access using the tools IOS provides: console passwords, VTY line passwords, enable secrets, local user accounts, and SSH. --- ## Key Concepts ### Password Types and the Privilege Hierarchy Cisco IOS uses a two-level privilege model by default: | Mode | Privilege Level | Purpose | |---|---|---| | User EXEC (>) | 1 | Limited monitoring commands | | Privileged EXEC (#) | 15 | Full configuration access | To reach Privileged EXEC, the device checks for an enable secret (preferred) or enable password (legacy). The critical distinction: - enable password — stored in the configuration in cleartext (or weak reversible encryption with service password-encryption) - enable secret — stored as an MD5 hash and always takes precedence over enable password if both are configured > Rule: Always use enable secret. Never rely on enable password alone. ### service password-encryption This global command applies Cisco Type 7 (reversible) encryption to cleartext passwords in the running config — including enable password, console, and VTY line passwords. It is not strong encryption; it only prevents casual shoulder-surfing of a config file. enable secret uses…

Keep reading: Device Security

Unlock the full CCNA 200-301 course — every lesson, the AI tutor, and full mock exams.

  • Full lesson content
  • AI tutor for this section
  • Practice questions