Exam 300-730 topic 1 question 163 discussion

Actual exam question from Cisco's 300-730
Question #: 163
Topic #: 1

Users are getting untrusted server warnings when they connect to the URL https://asa.lab from their browsers. This URL resolves to 192.168.10.10, which is the IP address for a Cisco ASA configured for a clientless VPN. The VPN was recently set up and issued a certificate from an internal CA server. Users can connect to the VPN by ignoring the message; however, when users access other webservers that use certificates issued by the same internal CA server, they do not experience this issue. Which action resolves this issue?

  • A. Import the CA that signed the certificate into the machine trusted root CA store.
  • B. Reissue the certificate with asa.lab in the subject alternative name field.
  • C. Import the CA that signed the certificate into the user trusted root CA store.
  • D. Reissue the certificate with 192.168.10.10 in the subject common name field.
Suggested Answer: B

Comments

kylesam2017
11 months ago
"B" is the correct answer here. Reissue the certificate with asa.lab in the Subject Alternative Name (SAN) field. Here's the reasoning:

Subject Alternative Name (SAN): The SAN field in the certificate is used to specify additional host names for which the certificate is valid. If users are accessing the Cisco ASA via the URL https://asa.lab, the SAN field should include "asa.lab" to match the URL. This ensures that the certificate is valid for the specific host name users are using to access the VPN.

Importing CA into Trusted Root CA Store: While importing the CA certificate into the user's trusted root CA store is a valid action in some scenarios, it might not directly address the issue with untrusted server warnings for the specific URL. Importing the CA certificate may be more relevant when users are experiencing issues with the CA chain and the trust of the CA itself. In this case, updating the certificate with the correct Subject Alternative Name (asa.lab) would be the more targeted and appropriate action to resolve the issue related to accessing the VPN URL.
upvoted 3 times
Net4dd
1 year, 9 months ago
A and C do not apply cause the users already have access to the Internal Web Servers: https://learn.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores
upvoted 3 times
Net4dd
1 year, 9 months ago
Selected Answer: B
B should be the correct answer. https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/200339-Configure-ASA-SSL-Digital-Certificate-I.html
upvoted 4 times
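
An added example (not part of the original discussion or of Cisco's material) showing that trusting the issuing CA and matching the server name are separate checks: a simplified SAN-only name matcher, in the style current browsers use, run against constructed certificates for the question's asa.lab and 192.168.10.10. The certificate contents and the helper names are assumptions made for illustration.

```python
import ipaddress

def dns_match(pattern, host):
    """Case-insensitive label match; '*' is honoured only as the entire
    left-most label of a pattern with at least three labels."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def name_matches(cert, target):
    """True if `target` (host part of the URL) is covered by the certificate's
    subjectAltName. The subject CN is deliberately not consulted."""
    try:
        target_ip = ipaddress.ip_address(target)
    except ValueError:
        target_ip = None
    for kind, value in cert.get("subjectAltName", ()):
        if target_ip is not None:
            # An IP target may only match an iPAddress SAN entry.
            if kind == "IP Address" and ipaddress.ip_address(value) == target_ip:
                return True
        elif kind == "DNS" and dns_match(value, target):
            return True
    return False

# Constructed sample certificates, in the dict shape of ssl.SSLSocket.getpeercert().
# All three are assumed to chain to the same trusted internal CA.
CERTS = {
    "cn_only_hostname": {"subject": ((("commonName", "asa.lab"),),)},
    "option_D_ip_in_cn": {"subject": ((("commonName", "192.168.10.10"),),)},
    "option_B_san_dns": {
        "subject": ((("commonName", "asa.lab"),),),
        "subjectAltName": (("DNS", "asa.lab"),),
    },
}

def evaluate(target="asa.lab"):
    """Return {label: bool} for each sample certificate against `target`."""
    return {label: name_matches(cert, target) for label, cert in CERTS.items()}

if __name__ == "__main__":
    for label, ok in evaluate().items():
        print(f"{label:20} {'match' if ok else 'name mismatch warning'}")
```

Only the certificate carrying asa.lab as a DNS entry in the SAN matches the URL; the same certificate would still fail for https://192.168.10.10 unless an IP Address SAN entry were added as well.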