An administrator has just finished configuring a new password on a router. To ensure the change is not lost during a power outage, which of the following commands must they run?
a) show running-config
b) service password-encryption
c) copy running-config startup-config
d) enable secret cisco
A. show running-config → Incorrect. This command only displays the current configuration; it does not save it.
B. service password-encryption → Incorrect. This command encrypts weak passwords; it does not save the configuration file.
✅ C. copy running-config startup-config → Correct. This command saves the active configuration in RAM to the startup configuration in NVRAM, which persists through a reboot.
D. enable secret cisco → Incorrect. This command sets a password; it does not save the overall configuration.
A technician is connected to a switch and sees the SW1> prompt. They attempt to use the show running-config command but receive an error. What is the cause of this error?
a) The command is show run-config.
b) The technician is in user EXEC mode, which has limited commands.
c) The switch has no running configuration.
d) They must use the do keyword.
A. The command is show run-config. → Incorrect. The correct command is show running-config, although it can be abbreviated.
✅ B. The technician is in user EXEC mode, which has limited commands. → Correct. The > prompt indicates user EXEC mode, which does not have the privilege level required to view the configuration.
C. The switch has no running configuration. → Incorrect. A switch always has a running configuration, even if it’s the default.
D. They must use the do keyword. → Incorrect. The do keyword is only used to run privileged commands from within configuration mode, not user EXEC mode.
An engineer needs to set a password for privileged EXEC mode that will be stored as a strong MD5 hash in the configuration. Which command should they use?
a) enable password cisco
b) service password-encryption
c) enable secret class
d) copy running-config startup-config
A. enable password cisco → Incorrect. This command uses very weak Type 7 encryption or stores the password in plaintext.
B. service password-encryption → Incorrect. This service only applies weak Type 7 encryption to otherwise plaintext passwords.
✅ C. enable secret class → Correct. The enable secret command specifically uses the strong Type 5 (MD5) hashing algorithm.
D. copy running-config startup-config → Incorrect. This command saves the configuration; it does not set a password.
A junior admin is looking at a line in a router’s configuration that says enable password cisco. Which command should they configure to ensure this weakly protected password is never used, even though it remains in the config file?
a) no enable password cisco
b) service password-encryption
c) enable secret class
d) shutdown
A. no enable password cisco → Incorrect. This would remove the command, but the goal is to override it, not just remove it.
B. service password-encryption → Incorrect. This would only encrypt the weak password, not prevent it from being used.
✅ C. enable secret class → Correct. If both an enable secret and enable password exist, the IOS will always use the more secure enable secret.
D. shutdown → Incorrect. This is an interface command and is unrelated to passwords.
You are in global configuration mode on a router and need to quickly check the status of the device’s interfaces using the show ip interface brief command. Which of the following is the correct way to issue this command without leaving configuration mode?
a) show ip interface brief
b) do show ip interface brief
c) run show ip interface brief
d) exit show ip interface brief
A. show ip interface brief → Incorrect. This command works in privileged EXEC mode, but will produce an error if run directly in configuration mode.
✅ B. do show ip interface brief → Correct. The do keyword is a prefix that executes privileged EXEC commands from within any configuration mode.
C. run show ip interface brief → Incorrect. run is not a valid Cisco IOS keyword for this purpose.
D. exit show ip interface brief → Incorrect. exit is used to move up a level in the mode hierarchy.
The running-config is stored in […], while the startup-config is stored in […].
a) NVRAM, RAM
b) RAM, NVRAM
c) Flash, RAM
d) ROM, Flash
A. NVRAM, RAM → Incorrect. This is reversed. NVRAM is non-volatile and stores the startup configuration.
✅ B. RAM, NVRAM → Correct. The active running-config is in volatile RAM; the saved startup-config is in non-volatile NVRAM.
C. Flash, RAM → Incorrect. Flash stores the IOS image, not the running configuration.
D. ROM, Flash → Incorrect. ROM contains the bootstrap program, and Flash contains the IOS image.
A technician uses a light blue cable to connect their laptop’s USB-to-Serial adapter to the console port of a new Cisco switch. What is this special type of cable called?
a) Crossover
b) Straight-through
c) Ethernet
d) Rollover
A. Crossover → Incorrect. Crossover cables are for connecting similar Ethernet devices (e.g., switch to switch).
B. Straight-through → Incorrect. Straight-through cables are for connecting dissimilar Ethernet devices (e.g., PC to switch).
C. Ethernet → Incorrect. This is a general category; the specific type for console access is different.
✅ D. Rollover → Correct. The light blue cable with a reversed pinout for Cisco console access is called a rollover cable.
Which two settings are defaults for a Cisco console port connection? (Choose two.)
a) Baud Rate: 19200
b) Data Bits: 8
c) Parity: Even
d) Baud Rate: 9600
e) Flow Control: XON/XOFF
A. Baud Rate: 19200 → Incorrect. This is a valid baud rate, but not the default for Cisco console ports.
✅ B. Data Bits: 8 → Correct. 8 data bits is part of the standard default console settings.
C. Parity: Even → Incorrect. The default setting is for no parity checking.
✅ D. Baud Rate: 9600 → Correct. 9600 is the standard default speed for console connections.
E. Flow Control: XON/XOFF → Incorrect. The default setting is for no flow control.
An administrator wants to remove the hostname Router1 command from the configuration. They are currently in global configuration mode. Which command will accomplish this?
a) erase hostname Router1
b) delete hostname Router1
c) no hostname Router1
d) hostname default
A. erase hostname Router1 → Incorrect. erase is used to delete entire files, like the startup-config.
B. delete hostname Router1 → Incorrect. delete is used to remove files from flash memory.
✅ C. no hostname Router1 → Correct. The no prefix is the standard command to negate or remove a configuration statement.
D. hostname default → Incorrect. This is not a valid command to remove a hostname configuration.
A device prompt shows R1(config)#. Which of the following commands can be successfully run from this mode?
a) enable
b) show running-config
c) configure terminal
d) hostname HQ-Router
A. enable → Incorrect. This command is run from user EXEC mode to enter privileged EXEC mode.
B. show running-config → Incorrect. This is a privileged EXEC command and must be preceded by do to work in this mode.
C. configure terminal → Incorrect. This command is run from privileged EXEC mode to enter global configuration mode.
✅ D. hostname HQ-Router → Correct. Setting the hostname is a valid global configuration command.
What is the primary purpose of the command service password-encryption?
a) To create a strong, hashed password for privileged mode.
b) To apply weak encryption to all plaintext passwords in the config.
c) To force users to create complex passwords.
d) To encrypt traffic passing through the router.
A. To create a strong, hashed password for privileged mode. → Incorrect. This is the function of the enable secret command.
✅ B. To apply weak encryption to all plaintext passwords in the config. → Correct. It applies weak, reversible Type 7 encryption to any password not already strongly encrypted.
C. To force users to create complex passwords. → Incorrect. This command does not enforce password complexity rules.
D. To encrypt traffic passing through the router. → Incorrect. This is unrelated to traffic encryption, which is handled by protocols like IPsec.
To enter global configuration mode, an administrator must first be in which mode?
a) User EXEC mode
b) Interface configuration mode
c) Privileged EXEC mode
d) ROMMON mode
A. User EXEC mode → Incorrect. You must first elevate your privileges from user EXEC mode.
B. Interface configuration mode → Incorrect. This is a sub-mode of global configuration; you would have to exit first.
✅ C. Privileged EXEC mode → Correct. The configure terminal command can only be run from privileged EXEC mode (#).
D. ROMMON mode → Incorrect. ROMMON is a recovery mode and is separate from the normal IOS modes.
After issuing the enable command and entering the correct password, what prompt will be displayed?
a) Router>
b) Router#
c) Router(config)#
d) Router(config-if)#
A. Router> → Incorrect. This is the user EXEC mode prompt, where you start from.
✅ B. Router# → Correct. The # symbol indicates you have successfully entered privileged EXEC mode.
C. Router(config)# → Incorrect. This is the global configuration prompt, which requires another command (configure terminal).
D. Router(config-if)# → Incorrect. This is an interface-specific configuration prompt.
What is the lowest privilege level mode in Cisco IOS?
a) Global configuration
b) Privileged EXEC
c) User EXEC
d) Interface configuration
A. Global configuration → Incorrect. This mode has high privileges, allowing device-wide changes.
B. Privileged EXEC → Incorrect. This mode has elevated privileges for viewing and managing the device.
✅ C. User EXEC → Correct. User EXEC mode is the entry-level mode with a very limited, non-disruptive command set.
D. Interface configuration → Incorrect. This is a sub-mode of global configuration with high privileges.
An engineer types sh? at the Router# prompt. What is the expected result?
a) The command will fail.
b) The router will display all commands that begin with “sh”.
c) The router will execute the show command.
d) The router will display a brief explanation of the show command.
A. The command will fail. → Incorrect. This is a valid use of context-sensitive help.
✅ B. The router will display all commands that begin with “sh”. → Correct. A partial command followed immediately by a ? lists all commands that start with those letters.
C. The router will execute the show command. → Incorrect. The router will wait for the command to be completed.
D. The router will display a brief explanation of the show command. → Incorrect. This happens when you type show ? (with a space).
A network administrator is viewing the startup-config and notices it is out of date. Which command will overwrite the startup-config with the device’s currently active configuration?
a) show running-config
b) erase startup-config
c) copy startup-config running-config
d) write memory
A. show running-config → Incorrect. This command only displays the running configuration; it does not save it.
B. erase startup-config → Incorrect. This command deletes the startup-config but does not replace it with the running-config.
C. copy startup-config running-config → Incorrect. This command copies the old startup-config into the running-config, which is the reverse of the desired action.
✅ D. write memory → Correct. This is a legacy command that is equivalent to copy running-config startup-config, saving the active config to NVRAM.
An engineer is looking at the following output: enable secret 5 $1$mER9$p525N05LcAe.BfX90p401. Which command’s output is this line a part of?
a) show ip interface brief
b) show startup-config
c) show version
d) show controllers
A. show ip interface brief → Incorrect. This command displays the status of interfaces, not configuration details.
✅ B. show startup-config → Correct. This command displays the saved configuration file, which would contain the hashed enable secret password line.
C. show version → Incorrect. This command displays IOS version, uptime, and hardware information.
D. show controllers → Incorrect. This command shows low-level hardware information about interfaces.
What is the primary risk of using the enable password command without also configuring an enable secret?
a) It prevents remote access to the device.
b) It can be easily deciphered if the configuration file is viewed.
c) It is not compatible with the service password-encryption command.
d) It disables the console port.
A. It prevents remote access to the device. → Incorrect. This command does not affect remote access protocols like SSH or Telnet.
✅ B. It can be easily deciphered if the configuration file is viewed. → Correct. The Type 7 encryption used on this password is weak and easily reversible, posing a security risk.
C. It is not compatible with the service password-encryption command. → Incorrect. service password-encryption is specifically designed to encrypt these types of passwords.
D. It disables the console port. → Incorrect. This command is unrelated to the operational state of the console port.
A technician needs to move from interface configuration mode, indicated by R1(config-if)#, directly back to privileged EXEC mode. Which command will accomplish this most efficiently?
a) exit
b) disable
c) end
d) quit
A. exit → Incorrect. This command moves up only one level, from (config-if)# to (config)#.
B. disable → Incorrect. disable is a command used to return to user EXEC mode from privileged EXEC mode.
✅ C. end → Correct. The end command (or Ctrl-Z) exits all configuration modes and returns directly to privileged EXEC mode.
D. quit → Incorrect. This is not a valid Cisco IOS command for changing modes.
Which two pieces of information are stored in a device’s RAM? (Choose two.)
a) The startup configuration file
b) The Cisco IOS image
c) The running configuration file
d) The bootstrap program
e) The ARP cache
A. The startup configuration file → Incorrect. The startup-config is stored in non-volatile NVRAM.
B. The Cisco IOS image → Incorrect. The IOS is loaded from Flash into RAM, but is primarily stored in Flash. RAM holds the running IOS, not the stored image file.
✅ C. The running configuration file → Correct. The active configuration of the device is always held in volatile RAM.
D. The bootstrap program → Incorrect. The bootstrap program is stored in ROM.
✅ E. The ARP cache → Correct. Dynamic tables like the ARP cache and routing table are built and stored in RAM.
A new router is powered on for the first time. From which type of memory does it load the startup-config file?
a) ROM
b) Flash
c) RAM
d) NVRAM
A. ROM → Incorrect. ROM contains the bootstrap program and a minimal IOS, not the user’s configuration.
B. Flash → Incorrect. Flash memory stores the main Cisco IOS software image file.
C. RAM → Incorrect. RAM is volatile and is empty on boot; the startup-config is loaded into RAM.
✅ D. NVRAM → Correct. Non-Volatile RAM is specifically used to store the startup configuration so it persists through power cycles.
An administrator types conf t at the Router# prompt and is taken to the Router(config)# prompt. What command did they just use?
a) A shortcut for configure terminal.
b) A command to begin a configuration transfer.
c) A command to test the configuration.
d) A shortcut for confirm transfer.
✅ A. A shortcut for configure terminal. → Correct. Cisco IOS allows for commands to be abbreviated as long as the abbreviation is unique. conf t is the standard shortcut for configure terminal.
B. A command to begin a configuration transfer. → Incorrect. File transfers use commands like copy.
C. A command to test the configuration. → Incorrect. Configuration is tested by applying it and observing behavior, not with a specific test command.
D. A shortcut for confirm transfer. → Incorrect. This is not a valid Cisco IOS command.
What is the main difference between the running-config and the startup-config?
a) The running-config is in NVRAM; the startup-config is in RAM.
b) The running-config is the active config; the startup-config is the backup config loaded on boot.
c) The running-config cannot be modified; the startup-config can.
d) The running-config only shows interface settings; the startup-config shows all settings.
A. The running-config is in NVRAM; the startup-config is in RAM. → Incorrect. The locations are reversed.
✅ B. The running-config is the active config; the startup-config is the backup config loaded on boot. → Correct. The running-config contains the live, active settings, while the startup-config is the saved version used as the starting point on reboot.
C. The running-config cannot be modified; the startup-config can. → Incorrect. The running-config is what you modify when making live changes.
D. The running-config only shows interface settings; the startup-config shows all settings. → Incorrect. Both files contain the full configuration of the device.
If the service password-encryption command has not been run, which password type in the configuration file would be visible in clear text?
a) Passwords set with enable secret.
b) Passwords set for console line access.
c) Passwords encrypted with Type 5.
d) Passwords set for SSH access.
A. Passwords set with enable secret. → Incorrect. enable secret passwords are always strongly hashed using MD5 regardless of this service.
✅ B. Passwords set for console line access. → Correct. Passwords set under line con 0 or line vty are stored in plaintext unless this service is enabled.
C. Passwords encrypted with Type 5. → Incorrect. Type 5 is the strong hash used by enable secret, which is never in clear text.
D. Passwords set for SSH access. → Incorrect. SSH does not store passwords in the configuration; it uses usernames configured with a secret or relies on public-key crypto.