300-730 Question #35: Real Exam Question with Answer & Explanation

The correct answer is D: Advanced Endpoint Assessment. Advanced Endpoint Assessment extends basic host scanning by adding remediation capabilities that can automatically update client components to satisfy enterprise security policy.

Question

A Cisco AnyConnect client establishes a SSL VPN connection with an ASA at the corporate office. An engineer must ensure that the client computer meets the enterprise security policy. Which feature can update the client to meet an enterprise security policy?

Options

AEndpoint Assessment
BCisco Secure Desktop
CBasic Host Scan
DAdvanced Endpoint Assessment

Explanation

Advanced Endpoint Assessment extends basic host scanning by adding remediation capabilities that can automatically update client components to satisfy enterprise security policy.

Common mistakes.

A. Endpoint Assessment (without 'Advanced') only performs posture checks and reports results; it cannot update or remediate non-compliant endpoints.
B. Cisco Secure Desktop provides a secure vault and session cleanup for remote sessions but does not assess or update security software on the endpoint.
C. Basic Host Scan only collects and reports endpoint posture information to the ASA; it has no capability to update or remediate the client.

Concept tested. AnyConnect Advanced Endpoint Assessment remediation capability

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/asdm714/vpn/asdm-714-vpn-config/vpn-host-scan.html

Community Discussion

No community discussion yet for this question.

Full 300-730 Practice