LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How do you secure privileged EXEC mode access, and why use enable secret instead of enable password?

Use enable secret password in global config — it stores a one-way hash (Type 5/MD5 on this classic IOS), whereas enable password is plaintext by default, so enable secret is always the right choice.

Switch(config)# enable secret class
Switch(config)# exit

Why use enable secret:

  • enable secret stores the password as a one-way hash — Type 5 (MD5) on the classic IOS taught here; newer IOS supports stronger algorithms (Type 8/9)
  • enable password stores the password in plaintext by default
  • If both are configured, enable secret takes precedence

Always use enable secret for privileged EXEC protection.

Go deeper:

  • doc Cisco IOS (Wikipedia) — the IOS password-storage model and why a hashed secret beats a plaintext password.

From Quiz: NETW1 / Basic Switch and End Device Configuration | Updated: Jul 05, 2026