Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 63

Why must a network engineer avoid usage of the default X.509 certificate when implementing clientless SSLVPN on an ASA?

Answer options

• A. The certificate must be managed by the local CA.
• B. The certificate is regenerated at each reboot.
• C. The default X.509 certificate is not supported for SSLVPN.
• D. The certificate is too weak to provide adequate security.

Correct answer: B

Explanation

The correct answer is B because the default X.509 certificate is regenerated each time the ASA reboots, which could lead to connection issues. Options A and C are incorrect as they do not accurately reflect the reason for avoiding the default certificate, and option D is also incorrect since the default certificate's strength is not the primary concern in this context.