300-730 Question #225: Real Exam Question with Answer & Explanation

Question

webvpn
enable outside
http-only-cookie enable
svc ask none default svc enable
port-forward auto

Options

• AThe svc ask none command is blocking the required Java plug-ins for the app.
• BThe port-forward auto command is preventing the ASA from recognizing the Java plug-ins, causing the plug-in to be blocked.
• CThe http-only-cookie command prevents the Java plug-ins from accessing the session cookie, causing the app to fail.
• DThe enable outside command is misconfigured and blocking external web traffic.

Explanation

The http-only-cookie enable command sets the HTTPOnly attribute on Clientless SSL VPN session cookies, which blocks Java plug-ins from reading the session cookie and causes Java-dependent web apps to fail.

Common mistakes.

• A. The svc ask none default svc command controls which VPN mode is offered to connecting clients by default and has no effect on Java plug-in loading or functionality within a Clientless SSL VPN session.
• B. The port-forward auto command enables Clientless SSL VPN port forwarding for TCP-based application proxying and does not interfere with Java plug-in detection or execution in the WebVPN portal.
• D. The enable outside command is the standard, required syntax to activate WebVPN on the outside interface of the ASA; it does not selectively block external web traffic or Java plug-in content when correctly configured.

Concept tested. ASA Clientless SSL VPN http-only-cookie blocking Java plug-ins

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/vpn/asa-96-vpn-config/vpn-webvpn.html

No community discussion yet for this question.