SNCF — Securing Networks with Firepower — Question 251

A VPN administrator converted an instance of Cisco Secure Firewall Threat Defense, which is managed by Cisco Secure Firewall Management Center, from using LDAP to LDAPS for remote access VPN authentication. Which certificate must be added to allow for remote users to authenticate over the VPN?

Answer options

• A. Secure Firewall Threat Defense certificate must be added to the LDAPS server
• B. LDAPS server certificate must be added to Secure Firewall Management Center realms
• C. Secure Firewall Management Center certificate must be added to the LDAPS server
• D. LDAPS server certificate must be added to Secure Firewall Threat Defense

Correct answer: D

Explanation

The correct answer is D because the LDAPS server certificate must be installed on Secure Firewall Threat Defense to establish a trusted connection for authentication. Options A and C are incorrect as they refer to certificates that do not need to be added to the respective servers for this scenario. Option B is also wrong since the LDAPS server certificate should not be added to Secure Firewall Management Center realms.