Read the statement carefully. We are not talking about the "show run" (where passwords are not in plain-text) but about the "show archive log config all" (where passwords are visible). Answer is D.

D is correct: https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-logger.html

option D correct

Ref: Solved: Archive Command Question - Cisco Community Post by Latchum Naidu “Hi Pat, Router(config-archive-log-config)# hidekeys (hides passwords from being shown / logged) …” A. MASS-RTR(config)#aaa authentication arap Wrong answer. B. MASS-RTR(config-archive-log-cfg)#password encryption aes Wrong answer. C. MASS-RTR(config)#service password-encryption Wrong answer. D. MASS-RTR(config-archive-log-cfg)#hidekeys Correct answer.

Correct Answer D Last but not least, it might be a good idea not to store any passwords in the configuration change logs. You can use the following command to disable this: Router(config-archive-log-cfg)#hidekeys https://networklessons.com/cisco/ccie-routing-switching/configuration-change-notification-logging

D is correct

Totally agree : (Optional) Suppresses the display of password information in configuration log files.Enabling the "hidekeys command" increases security by preventing password information from being displayed in configuration log files.....https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/15-sy/config-mgmt-15-sy-book/cm-config-logger.pdf

Tested on the lab, the given answer is correct

The given answer is correct

Tested this on some live equipment, it's the hidekeys command.

i think its C