350-701 · Question #271
Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with
The correct answer is B. Method. This question asks which Cisco ASA VPN configuration item must be modified to combine external token authentication with AAA machine certificate authentication.
Question
Refer to the exhibit. When configuring a remote access VPN solution terminating on the Cisco ASA, an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication using machine certificates. Which configuration item must be modified to allow this?
Exhibit
Options
- AGroup Policy
- BMethod
- CSAML Server
- DDHCP Servers
How the community answered
(59 responses)- A5% (3)
- B71% (42)
- C15% (9)
- D8% (5)
Why each option
This question asks which Cisco ASA VPN configuration item must be modified to combine external token authentication with AAA machine certificate authentication.
Group Policy defines user attributes and access rights *after* authentication, such as authorized networks, split tunneling, or DNS servers, but it does not define the primary authentication method itself.
On a Cisco ASA, the 'Method' or 'Authentication Method' configuration setting within a tunnel group or connection profile is used to define the sequence and types of authentication mechanisms for VPN users. To utilize both external token authentication and AAA authentication with machine certificates, the administrator must configure this method to combine these two authentication types in the desired order.
SAML Server refers to configuring a Security Assertion Markup Language identity provider. While SAML can be an authentication protocol, configuring the SAML server itself is about *which* server to use, not the specific sequence of multiple authentication methods (like token + certificate) on the ASA.
DHCP Servers are used for assigning IP addresses to VPN clients *after* they have successfully authenticated and established a VPN connection; they are not involved in the authentication process itself.
Concept tested: Cisco ASA VPN authentication methods
Source: https://www.cisco.com/c/en/us/td/docs/security/asa/asa98/configuration/vpn/asa-98-vpn-config/vpn-remote-access.html
Topics
Community Discussion
No community discussion yet for this question.
