Implementing and Operating Cisco Security Core Technologies (SCOR) — Question 566

How does a Cisco Secure Web Appliance integrated with LDAP handle the permissions of a currently logged in Active Directory group member when the Active Directory administrator changes the permissions of the user's group mid session?

Answer options

• A. If the Cisco Secure Client Mobility Client is configured on the endpoint to provide Active Directory updates, the Cisco Secure Web Appliance changes the user's permissions immediately when alerted by the client.
• B. If the Cisco Secure Web Appliance is configured to receive real-time updates from the Active Directory user agent, it changes the user's permissions immediately when the agent sends the update.
• C. The Cisco Secure Web Appliance terminates the current session and prompts the user to re-authenticate in order to update the effective permissions.
• D. The Cisco Secure Web Appliance continues to operate using the permissions that were in effect when the user logged in for the duration of the user's session.

Correct answer: D

Explanation

The correct answer is D because the Cisco Secure Web Appliance maintains the permissions that were in place at the time of login for the duration of the session. Options A and B are incorrect as they imply immediate updates, which do not happen mid-session. Option C is also incorrect because the appliance does not terminate the session for permission changes during the session.