Refer to the exhibit. An engineer must block access to the console ports for all corporate remote Cisco devices based on the recent corporate security policy but the security team still can connect through the console port.
Which configuration on the console port resolves the issue?
To block access to console ports on Cisco devices while still allowing certain authorized personnel to connect, the 'no exec' command is used. This command prevents anyone from entering EXEC mode on the console, making the console port effectively disabled for command input. Use of 'no exec' on the console port is a common practice to enhance security by preventing unauthorized users from gaining access.
Provided answer is correct For reference see: https://community.cisco.com/t5/routing/no-exec/td-p/3715737
Is D just because they are talking about the config. If you want to protect the console access using some credentials you can use login local or just login, you can also use an authentication list that is gonna check an AD user for accessing the console port via tacacs. In this case login and password is not a valid command. The command that we maybe need is the no exec command just because someone is connecting to the switch via cable and if the enable goes well they are in. So with this command they block the exec mode in the switch so the console is pretty useless
For be more specific they are blocking the exec mode (enable) to the line con 0 so only on the console port
D - https://www.cisco.com/c/en/us/td/docs/app_ntwk_services/waas/waas/v401_v403/command/reference/cmdref/execmds.html
Can someone please explain what makes the security team able to connect please ?
Selected answer D is correct, but please note "transport input none" would be a better solution in real life.
"no exec" on line console 0 "prevents anyone to use the console" . "transport input none" would only work for VTY lines
option correct is "D" https://www.tenable.com/audits/items/CIS_Cisco_IOS_15_v4.0.1_Level_1.audit:f6d68c36cfcc77325b421f9865134f41