Which statements about smart tunnels on a Cisco firewall are true? (Choose two.)
A.
Smart tunnels can be used by clients that do not have administrator privileges
B.
Smart tunnels support all operating systems
C.
Smart tunnels offer better performance than port forwarding
D.
Smart tunnels require the client to have the application installed locally
Explanation:
Smart Tunnel is also used to provide remote access to web applications that are
difficult to rewrite, such as proprietary, non-standards-based Java, Java Script, or
Flash animations.
Smart Tunnel also supports Single Sign-On to web applications that require either
form-based POST parameters, http basic, FTP, or NTLM authentication
Smart Tunnel can also co-exist with a Full-Tunnel VPN Client. For example, an
employee can connect to the company network by using Full-Tunnel VPN Client, while
simultaneously connecting to a vendor network by using Smart Tunnel.Smart Tunnel Advantages over Port-Forwarding, Plug-ins
Smart Tunnel offers better performance than browser plug-ins.
Port forwarding is the legacy technology for supporting TCP-based applications over a
Clientless SSL VPN connection. Unlike port forwarding, Smart Tunnel simplifies the
user experience by not requiring the user connection of the local application to the
local port.
Smart Tunnel does not require users to have administrator privileges.
Smart Tunnel does not require the administrator to know application port numbers in
advance.
A and C i think
https://www.cisco.com/c/dam/en/us/solutions/collateral/enterprise/design-zone-security/tunnel.pdf says that smart tunnels offer better performance than browser plug-ins, and better security than port forwarding. It also says …
1. Authenticate with the Clientless SSL VPN (such as https://myasa.example.com).
Native Client-Server Applications
2. From the main portal page, navigate to the Application Access Panel3.
3. As soon as the page loads, the browser downloads the necessary software modules to launch Smart Tunnel.
4. Launch any of the allowed native client-server applications to access remote corporate network using the Smart Tunnel.
This same question is asked elsewhere with A,C as the answers. I don’t know which is correct.
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_sslvpn/configuration/15-mt/sec-conn-sslvpn-15-mt-book/sec-conn-sslvpn-smart-tunnels-support.html
Definitely A and C
It cannot be B because:
The operating system of the host must be a 32-bit version of Microsoft Windows Vista or Windows XP or Windows 2000
It is not D because :
A smart tunnel is a connection between a TCP-based application and a private site using a clientless (browser based) SSL VPN session, where the SSL VPN gateway works as a pathway and as a proxy server. The Smart Tunnels Support feature is based on the method of modifying an existing default behavior of a TCP-based application that accesses internal resources using SSL VPN.