SNCF — Securing Networks with Firepower — Question 238
Users report that Cisco Duo 2FA fails when they attempt to connect to the VPN on a Cisco Secure Firewall Threat Defense (FTD) device. IT staff have VPN profiles that do not require multifactor authentication, and they can connect to the VPN without any issues. When viewing the VPN troubleshooting log in Cisco Secure Firewall Management Center (FMC), the network administrator sees an error that the Cisco Duo AAA server has been marked as failed. What is the root cause of the issue?
Answer options
- A. AD Trust certificates are missing from the Secure FTD device.
- B. Multifactor authentication is not supported on Secure FMC managed devices.
- C. The internal AD server is unreachable from the Secure FTD device.
- D. Duo trust certificates are missing from the Secure FTD device.
Correct answer: D
Explanation
The correct answer is D because the absence of Duo trust certificates on the Secure FTD device would prevent successful 2FA authentication through Cisco Duo. Option A is incorrect as AD Trust certificates specifically relate to Active Directory integration, which is not the issue here. Option B is incorrect since multifactor authentication can be supported on Secure FMC managed devices. Option C is not relevant as the problem is related to Duo trust certificates, not connectivity to the internal AD server.