Cisco IOS security basics: Which exact command correctly sets the encrypted enable secret to the value Cisco?

Introduction / Context:
Privilege escalation in Cisco IOS uses an “enable” password or, preferably, an “enable secret” which is stored as a one-way hash. Using the correct command syntax is critical to secure privileged EXEC access.

Given Data / Assumptions:

• We want to set the secure enable secret value to the literal string “Cisco”.
• Commands are entered in global configuration mode.
• Case matters for the configured secret value.

Concept / Approach:
enable secret sets the hashed secret used when entering privileged EXEC mode. The older enable password stores a weakly encoded or cleartext value (unless type 5/9 via new syntax), so best practice is to use the “secret.” The keyword “password” does not appear in the correct command.

Step-by-Step Solution:

Verification / Alternative check:
Attempting enable from user EXEC prompts for the secret; entering “Cisco” should succeed. The enable password is ignored if an enable secret is configured.

Why Other Options Are Wrong:

• “enable secret password Cisco” contains an invalid extra keyword.
• “enable secret cisco” sets a different value (lowercase) and does not match the requested literal.
• “enable password Cisco” configures the weaker legacy mechanism.
• “service password-encryption Cisco” is a service toggle, not a way to set the secret.

Common Pitfalls:
Mismatched case; believing service password-encryption secures the enable password to the same standard as the secret; forgetting to save with write memory or copy run start.

Final Answer:
enable secret Cisco