Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 140

On an ASA with multiple connection profiles for different departments, what is the best design to ensure that AnyConnect users are assigned the correct connection profile based on their department and do not have the ability to choose a different connection profile?

Answer options

• A. group URL
• B. group alias
• C. dynamic access policy
• D. certificate mapping

Correct answer: D

Explanation

The correct answer is D, certificate mapping, as it allows for the automatic assignment of connection profiles based on the user's certificate, ensuring they are directed to the appropriate department profile without choice. Options A and B, group URL and group alias, do not provide the necessary control over user assignments. Option C, dynamic access policy, while useful for access control, does not specifically restrict users from selecting different profiles.