Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 522

A network administrator is shipping a Cisco ASA to a remote retail site. The administrator wants to ensure that the device configuration cannot be accessed by someone at the site with physical access and a console cable. Which command must be used to mitigate this risk?

Answer options

• A. aaa authentication console
• B. config-register 0x00000041
• C. no service password-recovery
• D. no service sw-reset-button

Correct answer: C

Explanation

The command 'no service password-recovery' is the correct choice as it disables the password recovery feature, preventing unauthorized access to the device configuration through physical means. Options A and D do not address the risk of console access, and option B is related to changing the configuration register, which does not directly prevent access via the console.