Last Updated on August 3, 2021 by Admin 3
Which of the following statements is true regarding the Cisco IOS Resilient Configuration feature? (Select the best answer.)
- Extra space is not required to secure the primary IOS image file.
- Image or configuration mismatches are not automatically detected.
- Only remote storage can be used for securing configuration files.
- The feature can be disabled remotely.
Extra space is not required to secure the primary IOS image file with the Cisco IOS Resilient Configuration feature. The Resilient Configuration feature is designed to protect system and configuration files from tampering and accidental deletion. You can issue the following block of commands to enable the Resilient Configuration feature:
Router#configure terminal Router(config)#secure boot-image Router(config)#secure boot-config
When the feature is enabled, the primary system image file and associated running configuration are securely archived in local persistent storage? you cannot select a remote storage location. The secure bootimage command enables the image resilience component of the Resilient Configuration feature and effectively hides the system image from the directory structure. This means that the system image will no longer be displayed when the dir command is issued from the command prompt of an EXEC shell? you can issue the show secure bootset command to verify that the system image has been archived. In addition, because the system image file is not copied to a secure location, extra storage is not required to secure it. By contrast, the secure bootconfig command creates a hidden copy of the running configuration file. The secured versions of the system image and running configuration are referred to as the primary bootset.
You can restore either or both components of the primary bootset at any time. The system image can be restored from readonly memory (ROM) monitor (ROMmon) mode and the running configuration can be restored from the global configuration mode by using the restore parameter of the secure bootconfig command. Once the system image and running configuration have been secured, the router will track version mismatches and produce a console message if the system image or running configuration have mismatched versions. Once the Resilient Configuration feature is enabled, it can only be disabled from the console.