300-730 Question #42: Real Exam Question with Answer & Explanation

Question

Options

• AWhen a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the client uses the local DNS to perform FQDN resolution.
• BThe rewriter enable command under the global webvpn configuration enables the rewriter functionality because that feature is disabled by default.
• CA Cisco ASA can simultaneously allow Clientless SSL VPN sessions and AnyConnect client sessions.
• DWhen a client connects to the Cisco ASA WebVPN portal and tries to access HTTP resources through the URL bar, the ASA uses its configured DNS servers to perform FQDN resolution.
• EClientless SSLVPN provides Layer 3 connectivity into the secured network.

Explanation

Cisco ASA Clientless SSL VPN can simultaneously support both clientless and AnyConnect sessions, and the ASA proxies all client requests using its own configured DNS servers for FQDN resolution.

Common mistakes.

• A. The client does not use local DNS for FQDN resolution in Clientless SSL VPN because all requests are proxied through the ASA, which handles DNS resolution itself using its configured servers.
• B. The content rewriter is enabled by default in Clientless SSL VPN; there is no 'rewriter enable' command required to activate it under global webvpn configuration.
• E. Clientless SSL VPN does not provide Layer 3 connectivity - it offers application-layer access to proxied web resources only, unlike AnyConnect which delivers a full Layer 3 IP tunnel.

Concept tested. Cisco ASA Clientless SSL VPN session types and DNS proxying

Reference. https://www.cisco.com/c/en/us/td/docs/security/asa/asa96/configuration/vpn/asa-96-vpn-config/vpn-clientless.html

No community discussion yet for this question.