Exam 300-730 topic 1 question 157 discussion

Actual exam question from Cisco's 300-730
Question #: 157
Topic #: 1

An engineer is requesting an SSL certificate for a VPN load-balancing cluster in which two Cisco ASAs provide clientless SSLVPN access. The FQDN that users will enter to access the clientless VPN is asa.example.com, and users will be redirected to either asa1.example.com or asa2.example.com. The cluster FQDN and the individual Cisco ASA FQDNs resolve to IP addresses 192.168.0.1, 192.168.0.2, and 192.168.0.3, respectively. The issued certificate must be able to be used to validate the identity of either ASA in the cluster without returning any certificate validation errors. Which fields must be included in the certificate to meet these requirements?

  • A. CN=*.example.com, SAN=asa.example.com
  • B. CN=192.168.0.1, SAN=asa1.example.com, asa2.example.com
  • C. CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com
  • D. CN=192.168.0.1, SAN=192.168.0.1, 192.168.0.2, 192.168.0.3
Suggested Answer: C

Comments

kylesam2017
10 months, 3 weeks ago
To meet the requirements of validating the identity of either ASA in the cluster without returning any certificate validation errors, the certificate must include the Common Name (CN) for the specific FQDN used by users and Subject Alternative Names (SAN) for all possible FQDNs. Therefore, the correct fields for the certificate would be: CN=asa.example.com, SAN=asa.example.com, asa1.example.com, asa2.example.com. This ensures that the certificate is valid for the specific FQDN (asa.example.com) and also includes Subject Alternative Names for the individual FQDNs of both ASAs (asa1.example.com and asa2.example.com). This way, users connecting to the VPN load-balancing cluster using any of these FQDNs will not encounter certificate validation errors. The wildcard option (CN=*.example.com) may not cover all required FQDNs in this specific scenario.
upvoted 3 times
...
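The name-matching rule behind the comment above, as an added example that is not part of the original discussion: a simplified RFC 6125-style check run over the four answer options. It assumes clients connect by the three FQDNs from the question and that SAN entries, when present, take precedence over the CN; all function names are illustrative.

```python
import ipaddress

# Constructed from the question: the names a client may end up connecting to.
CLUSTER_NAMES = ["asa.example.com", "asa1.example.com", "asa2.example.com"]
# The four answer options as (CN, SAN entries).
OPTIONS = {
    "A": ("*.example.com", ["asa.example.com"]),
    "B": ("192.168.0.1", ["asa1.example.com", "asa2.example.com"]),
    "C": ("asa.example.com", ["asa.example.com", "asa1.example.com", "asa2.example.com"]),
    "D": ("192.168.0.1", ["192.168.0.1", "192.168.0.2", "192.168.0.3"]),
}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    """Match one DNS name; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_valid(cn, sans, host):
    """SAN entries decide the match; the CN is a legacy fallback used only
    when the certificate carries no SAN at all (assumption of this sketch)."""
    names = sans if sans else [cn]
    if _is_ip(host):
        target = ipaddress.ip_address(host)
        return any(_is_ip(n) and ipaddress.ip_address(n) == target for n in names)
    return any(not _is_ip(n) and dns_match(n, host) for n in names)

def failing_names(option):
    """Cluster FQDNs that would raise a validation error for this option."""
    cn, sans = OPTIONS[option]
    return [h for h in CLUSTER_NAMES if not host_valid(cn, sans, host=h)]

def options_without_errors():
    return [o for o in sorted(OPTIONS) if not failing_names(o)]

if __name__ == "__main__":
    for opt in sorted(OPTIONS):
        print(opt, "fails for:", failing_names(opt) or "nothing")
```

Option A fails for the member FQDNs because its single SAN entry takes precedence over the wildcard CN, which is the case the comment's last sentence alludes to.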
gondohwe
1 year ago
WRONG answer as exam topic is well known for among sites lol
upvoted 1 times
...
gondohwe
1 year ago
I choose C
upvoted 2 times
...
Anonymous983475
1 year, 5 months ago
Selected Answer: C
Only C makes sense.
upvoted 2 times
...
Net4dd
1 year, 8 months ago
Selected Answer: C
C is correct. Otherwise it will fail to validate the certificate if the proper FQDNs are not in the SANs: https://integratingit.wordpress.com/2020/03/14/asa-vpn-load-balancing/
upvoted 2 times
...
red_sparrow_Gr
1 year, 9 months ago
Selected Answer: C
It should be C
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted