CompTIA
CAS-003 · Question #638
CAS-003 Question #638: Real Exam Question with Answer & Explanation
Sign in or unlock CAS-003 to reveal the answer and full explanation for question #638. The question stem and answer options stay visible for context.
Question
An enterprise is configuring an SSL client-based VPN for certificate authentication. The trusted root certificate from the CA is imported into the firewall, and the VPN configuration in the firewall is configured for certificate authentication. Signed certificates from the trusted CA are distributed to user devices. The CA certificate is set as trusted on the end-user devices, and the VPN client is configured on the end-user devices. When the end users attempt to connect however, the firewall rejects the connection after a brief period. Which of the following is the MOST likely reason the firewall rejects the connection?
Options
- AIn the firewall, compatible cipher suites must be enabled
- BIn the VPN client, the CA CRL address needs to be specified manually
- CIn the router, IPSec traffic needs to be allowed in bridged mode
- DIn the CA. the SAN field must be set for the root CA certificate and then reissued
Unlock CAS-003 to see the answer
You've previewed enough free CAS-003 questions. Unlock CAS-003 for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.