Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-730 Topic 14 Question 80 Discussion

Actual exam question for Cisco's 300-730 exam
Question #: 80
Topic #: 14
[All 300-730 Questions]

An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and individual Cisco ASAs FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3 respectively. The issued certificate must be able to be used to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

https://integratingit.wordpress.com/2020/03/14/asa-vpn-load-balancing/


by Gail at Feb 11, 2024, 08:05 AM

Limited Time Offer

25%

Off

Get Premium 300-730 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Maxima
5 months ago
I would go with option A as well, it seems simpler and covers the main requirements.
upvoted 0 times
...
Norah
5 months ago
I'm not sure, but I think including all the FQDNs in the SAN might be the best option.
upvoted 0 times
...
Essie
5 months ago
I disagree, I believe the correct answer is C) CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com.
upvoted 0 times
...
Annabelle
5 months ago
I think the answer is A) CN=*.example.com, SAN=asa.example.com.
upvoted 0 times
...
Audry
6 months ago
Haha, imagine if the engineer asked for a certificate with just the IP addresses in the SAN. That would be a disaster waiting to happen!
upvoted 0 times
...
Celestina
6 months ago
Yeah, I agree with Norah. C seems like the most comprehensive option to meet the requirements. The CN and SAN fields should have the necessary information.
upvoted 0 times
Kanisha
5 months ago
It's important to have a comprehensive certificate to ensure smooth VPN access for users.
upvoted 0 times
...
Raymon
5 months ago
Agreed, we want to avoid any certificate validation errors when users access the VPN.
upvoted 0 times
...
Billy
5 months ago
I think having the common name and subject alternate names match the FQDNs is crucial for validation.
upvoted 0 times
...
Ocie
5 months ago
We should make sure all the necessary domains are included in the certificate.
upvoted 0 times
...
Jacquelyne
5 months ago
Definitely, that option covers all the needed FQDNs.
upvoted 0 times
...
Pamela
5 months ago
C) CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com
upvoted 0 times
...
...
Norah
6 months ago
Exactly! It's crucial to have the FQDNs in the certificate, not just the IPs. Otherwise, it'll never work as expected.
upvoted 0 times
...
Stephaine
6 months ago
Oh man, that would be a nightmare. Can you imagine the users' faces when they try to connect and get certificate validation errors?
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77