Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location PL
Mob_nav_barsMENU

Cisco Exam 300-730 Topic 7 Question 99 Discussion

Actual exam question for Cisco's 300-730 exam
Question #: 99
Topic #: 7
[All 300-730 Questions]

Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message, however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?

Show Suggested Answer Hide Answer
Suggested Answer: B

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html


by Jaleesa at Sep 17, 2024, 05:34 AM

Limited Time Offer

25%

Off

Get Premium 300-730 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Estrella
1 months ago
I'm with Bobbie on this one. D is the way to go. IP addresses are so much easier to remember than those pesky domain names. And who needs security anyway?
upvoted 0 times
...
Daniela
1 months ago
Hold up, did someone say 'Cisco ASA'? This is like a dream come true for me. I'd go with A, just for the nostalgia factor.
upvoted 0 times
Brett
21 days ago
User 2: Yeah, that sounds like the right move. It should resolve the issue.
upvoted 0 times
...
Caren
25 days ago
User 1: I think we should import the CA that signed the certificate into the machine trusted root CA store.
upvoted 0 times
...
...
Phyliss
2 months ago
This one's easy, folks. B is the way to go. Reissuing the certificate with the correct domain name is the cleanest solution.
upvoted 0 times
...
Bobbie
2 months ago
Hmm, I think D is the right answer. Updating the certificate with the IP address should do the trick. Who needs domain names anyway? 192.168.10.10 is the future!
upvoted 0 times
...
Belen
2 months ago
I'd say C is the way to go. Putting the CA certificate in the user's trusted store makes the most sense since it's a client-side issue.
upvoted 0 times
Howard
18 days ago
D doesn't seem like the right choice. Reissuing the certificate with 192.168.10.10 in the subject common name field doesn't address the root of the issue.
upvoted 0 times
...
Isadora
25 days ago
B could also be a solution. Reissuing the certificate with asa.lab in the subject alternative name field might help.
upvoted 0 times
...
Evangelina
1 months ago
I agree with you, C seems like the best option. Importing the CA into the user trusted root CA store should fix the problem.
upvoted 0 times
...
Charlena
1 months ago
I think A might work too. Importing the CA into the machine trusted root CA store could resolve the issue.
upvoted 0 times
...
...
Denna
2 months ago
The answer has to be A. Importing the CA certificate into the trusted root store is the way to go. Ignore those pesky warnings and get that VPN connection working smoothly.
upvoted 0 times
Shenika
2 months ago
C) Import the CA that signed the certificate into the user trusted root CA store.
upvoted 0 times
...
Nell
2 months ago
B) Reissue the certificate with asa.lab in the subject alternative name field.
upvoted 0 times
...
Kerrie
2 months ago
A) Import the CA that signed the certificate into the machine trusted root CA store.
upvoted 0 times
...
...
Micah
2 months ago
I'm not sure, but I think option C) Import the CA that signed the certificate into the user trusted root CA store might also work. It's worth considering both options.
upvoted 0 times
...
Tammi
3 months ago
I agree with Toi. By importing the CA into the machine trusted root CA store, the browser will trust the certificate and the warning will not appear.
upvoted 0 times
...
Toi
3 months ago
I think the answer is A) Import the CA that signed the certificate into the machine trusted root CA store.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77