The login block-for command sets a limit on the maximum number of failed login attempts allowed within a defined period of time. If this limit is exceeded, no further logins are allowed for the specified period of time. This feature is designed to protect the router from denial-of-service and dictionary attacks. The syntax of the command is as follows:
login block-for attempts within
The parameter specifies the duration of the quiet period in seconds. The parameter specifies the number of failed attempts that trigger the quiet period. The parameter specifies the time window in seconds for counting the failed attempts.
In this question, the command login block-for 100 attempts 4 within 60 means that if four failures occur in 60 seconds, the router goes to quiet mode for 100 seconds. During the quiet period, no login attempts are accepted, and the router responds with the message “Login disabled for seconds due to too many failed login attempts.” After the quiet period expires, the router resumes normal login operations.
The other options are incorrect because they do not match the command syntax or the expected behavior of the login block-for feature.
References :=
Some possible references for this question are:
User Security Configuration Guide - Cisco IOS Login Enhancements-Login Block
Configuring Login Block
Restrict login attempts : login block-for command
When applied to a router, which command would help mitigate brute-force password attacks against the router?
