ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 300-730 All Questions

View all questions & answers for the 300-730 exam
Go to Exam

Exam 300-730 topic 1 question 142 discussion

Actual exam question from Cisco's 300-730
Question #: 142
Topic #: 1
[All 300-730 Questions]

Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?

  • A. The certificate must be managed by the local CA.
  • B. The certificate is regenerated at each reboot.
  • C. The default X.509 certificate is not supported for SSLVPN.
  • D. The certificate is too weak to provide adequate security.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by mazinhoo at Jan. 19, 2023, 2:25 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
pfrank
1 year ago
B is the correct answer. By default, the ASA generates a self-signed X.509 certificate upon startup. This certificate is used in order to serve client connections by default. It is not recommended to use this certificate because its authenticity cannot be verified by the browser. Furthermore, this certificate is regenerated upon each reboot so it changes after each reboot. https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html
upvoted 1 times
...
JacK3412345
1 year ago
Selected Answer: B
By default, the ASA generates a self-signed X.509 certificate upon startup. This certificate is used in order to serve client connections by default. It is not recommended to use this certificate because its authenticity cannot be verified by the browser. Furthermore, this certificate is regenerated upon each reboot so it changes after each reboot. https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html
upvoted 1 times
...
kylesam2017
1 year, 1 month ago
"A" seems to be the right answer here.
upvoted 1 times
...
securekonspiracia
1 year, 2 months ago
Selected Answer: B
Question is about default certificate (self-signed, self generated) - By default, the ASA generates a self-signed X.509 certificate upon startup
upvoted 1 times
...
Yupata
1 year, 3 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
Net4dd
1 year, 11 months ago
Selected Answer: B
B is correct
upvoted 1 times
...
mazinhoo
2 years ago
Selected Answer: B
By default, the ASA generates a self-signed X.509 certificate upon startup. This certificate is used in order to serve client connections by default. It is not recommended to use this certificate because its authenticity cannot be verified by the browser. Furthermore, this certificate is regenerated upon each reboot so it changes after each reboot. https://www.cisco.com/c/en/us/support/docs/security-vpn/webvpn-ssl-vpn/119417-config-asa-00.html
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel