Exam 350-701 topic 1 question 124 discussion

C - is correct. Method (A) is already specified in the question if you read it closely. It wants external tokens when the configuration is set to local. C is what needs to be changed.

AAA server group is correct. It's looking for what to use in conjunction with AAA. The method is already selected. Most likely you will change the "local" under server group to "ldap" to use AD for authentication rather than local creds defined on the ASA.

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client-v4x/212483-configure-asa-as-the-ssl-gateway-for-any.html

C - AAA method is already set, but "local" needs to be changed - as mentioned below

Answer A

Method offers following options to select: - AAA - AAA and certificate - Certificate only - SAML - Multiple certificates and AAA - Multiple certificates In order to utilize an external token authentication mechanism in conjunction with AAA authentication using maching certificates you must change the method to "AAA and certificate". Answer is A = Method.

Thx @psuoh for the YT link. Answer A it is - Method.

C - to my understanding secondary authentication tokens are configured ander sever groups: https://kb.swivelsecure.com/w/index.php/Cisco_AnyConnect

The key here is "conjunction with AAA authentication using machine certificates". To use machine certificate as authentication method we need to change Method from AAA to AAA + certificate as a first step. Then we need to create AAA group of type RADIUS/SDI (depends of integration type with Token solution) and change the AAA server group from LOCAL to group we created as the second step. Actually both A and C are correct, but A needs to be first.

It is A, the Method dictates what security mechanism to use, aaa server group defines those mechanisms.

A. Method - In order to use AAA along with an external token authentication mechanism, set the Method as “Both” in the Authentication. We don't just use AAA in this case.

The correct answer is A- Method. Select method then from the drop down then select AAA and Certificates option.

Hi Guys, appreciate all your answers. Question says "an administrator would like to utilize an external token authentication mechanism in conjunction with AAA authentication" which is the Method we all know! I think they are asking next in the configuration -> AAA Server Group options. Hope this helps. Thanks

https://i.imgur.com/sdfzVeC.png https://www.youtube.com/watch?v=Er5toSsbM8I

It should be A

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client-v4x/212483-configure-asa-as-the-ssl-gateway-for-any.html

Must be method based on the documentation.