Implementing Secure Solutions with Virtual Private Networks (SVPN) — Question 72
A network engineer has almost finished setting up a clientless VPN that allows remote users to access internal HTTP servers. Users must enter their username and password twice: once on the clientless VPN web portal and again to log in to internal HTTP servers. The Cisco ASA and the HTTP servers use the same Active Directory server to authenticate users. Which next step must be taken to allow users to enter their password only once?
Answer options
- A. Use LDAPS and add password management to the clientless tunnel group.
- B. Configure auto-sign-on using NTLM authentication.
- C. Set up the Cisco ASA to authenticate users via a SAML 2.0 IDP.
- D. Create smart tunnels for the HTTP servers.
Correct answer: B
Explanation
The correct answer is B: auto-sign-on with NTLM authentication provides seamless single sign-on, so users authenticate once on the clientless portal and are not prompted for a second password by the internal HTTP servers. Option A is incorrect because, while LDAPS secures the LDAP traffic, it does not address the problem of multiple password prompts. Option C is not the right choice either, since SAML 2.0 is better suited to web-based authentication scenarios, and option D is incorrect because smart tunnels do not provide single sign-on for the user's credentials.