Question:
When applied to a router, which command would help mitigate brute-force password attacks against the router?
- exec-timeout 30
- service password-encryption
- banner motd $Max failed logins = 5$
- login block-for 60 attempts 5 within 60
Explanation: The login block-for command sets a limit on the maximum number of failed login attempts allowed within a defined period of time. If this limit is exceeded, no further logins are allowed for the specified period of time. This helps to mitigate brute-force password cracking since it will significantly increase the amount of time required to crack a password. The exec-timeout command specifies how long the session can be idle before the user is disconnected. The service password-encryption command encrypts the passwords in the running configuration. The banner motd command displays a message to users who are logging in to the device.
Exam with this question: CCNA 1 v7 Modules 16 – 17 Exam Answers
Exam with this question: CCNA 1 (v5.1 + v6.0) Practice Final Exam Answers
Exam with this question: CCNA Security Pretest Exam Answers
Please login or Register to submit your answer