Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 131

An administrator is deciding which authentication protocol should be implemented for their upcoming Cisco AnyConnect deployment. A list of the security requirements from upper management are: the ability to force AnyConnect users to use complex passwords such as C1$c0451035084!, warn users a few days before their password expires, and allow users to change their password during a remote access session. Which authentication protocol must be used to meet these requirements?

Answer options

• A. LDAPS
• B. RADIUS
• C. Kerberos
• D. TACACS+

Correct answer: A

Explanation

LDAPS is required because it supports complex password policies, can notify users about upcoming password expirations, and allows password changes during remote sessions. RADIUS and TACACS+ do not provide the same level of password management features, while Kerberos is generally not used for these specific requirements in the context of Cisco AnyConnect.