Implementing Cisco Secure Mobility Solutions (SIMOS, legacy) — Question 25
Why must a network engineer avoid using the default X.509 certificate when implementing clientless SSLVPN on an ASA?
Answer options
- A. The certificate is too weak to provide adequate security.
- B. The certificate is regenerated at each reboot.
- C. The certificate must be managed by the local CA.
- D. The default X.509 certificate is not supported for SSLVPN.
Correct answer: C
Explanation
The correct answer is C: clientless SSLVPN requires a certificate that is issued by a local Certificate Authority (CA) to ensure proper trust and management. Option A is incorrect because the default certificate may be strong enough. Option B is false because it is the management aspect that is critical. Option D is inaccurate because the default certificate can technically be used, although doing so is not advisable.