Exam 300-730 topic 1 question 178 discussion

A. LDAPS is correct https://community.cisco.com/t5/security-knowledge-base/password-management-with-ldap-vs-radius-for-vpn-users/ta-p/3147278

https://community.cisco.com/t5/security-knowledge-base/password-management-with-ldap-vs-radius-for-vpn-users/ta-p/3147278

To meet the security requirements of forcing AnyConnect users to use complex passwords, warning users before their password expires, and allowing users to change their password during a remote access session, the authentication protocol that must be used is RADIUS (Remote Authentication Dial-In User Service). RADIUS is a widely used authentication protocol that provides centralized authentication, authorization, and accounting for remote access. It supports a variety of authentication methods, including the ability to enforce complex password policies and password expiration warnings. Additionally, RADIUS allows users to change their passwords during a remote access session, providing flexibility and convenience. On the other hand, LDAPS (LDAP over SSL/TLS) is a secure version of the LDAP protocol used for directory services. While LDAPS can provide secure authentication, it does not inherently include the ability to enforce complex passwords, password expiration warnings, or support password changes during a remote access session. Therefore, to meet the specified security requirements, the authentication protocol that must be used is RADIUS.

https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-groups.html

IMO, this one should be A. Also according to Cisco tips: To enforce complex passwords—for example, to require that a password contain upper- and lowercase letters, numbers, and special characters—enter the password-management command in tunnel-group general-attributes configuration mode on the ASA and perform the following steps under Active Directory. https://www.cisco.com/c/en/us/td/docs/security/asa/asa97/configuration/vpn/asa-97-vpn-config/vpn-groups.html