>) | 1 | Limited monitoring commands | | Privileged EXEC (#) | 15 | Full configuration access | To reach Privileged EXEC, the device checks for an enable secret (preferred) or enable password (legacy). The critical distinction: - enable password — stored in the configuration in cleartext (or weak reversible encryption with service password-encryption) - enable secret — stored as an MD5 hash and always takes precedence over enable password if both are configured > Rule: Always use enable secret. Never rely on enable password alone. ### service password-encryption This global command applies Cisco Type 7 (reversible) encryption to cleartext passwords in the running config — including enable password, console, and VTY line passwords. It is not strong encryption; it only prevents casual shoulder-surfing of a config file. enable secret uses…Unlock the full CCNA 200-301 course — every lesson, the AI tutor, and full mock exams.