You are using ASDM to verify a VPN configuration made by another administrator on an ASA. Please click
exhibit to examine the network configuration.Exhibit:
A user accesses the VPN by typing https://203.0.113.1/default in a browser’s location bar. Which of the
following methods will authenticate the user? (Select 2 choices.)
A.
a RADIUS server
B.
a TACACS+ server
C.
the HTTP credentials
D.
the local database
E.
a certificate
Explanation:
A user who accesses the virtual private network (VPN) by typing https://203.0.113.1/default in a browser’s
location bar will be authenticated by using both the Cisco Adaptive Security Appliance (ASA) Authentication,
Authorization, and Accounting (AAA) local database and by using a certificate. In this scenario, the defaultalias
is associated with the DefaultWEBVPNGroup connection profile. You can determine which profile uses the
alias by navigating to Configuration > Remote Access VPN > Clientless SSL VPN Access > Connection
Profiles in Cisco Adaptive Security Device Manager (ASDM), as shown in the following exhibit:Based on the exhibit above, you can determine that the DefaultWEBVPNGroupconnection profile is configured
with two authentication methods: AAA(LOCAL) and Certificate. Although multiple AAA servers can be
configured for a single connection profile, in this scenario only the AAA(LOCAL) AAA server is configured for
the DefaultWEBVPNGroup connection profile. If you were to select the DefaultWEBVPNGroup connection
profile, you could modify the way in which default users authenticate to the VPN, as shown in the following
exhibit:The AAA Server Group dropdown menu enables you to select a different AAA authentication server if one has
been configured. If a server other than LOCAL is selected, you can select the Use LOCAL if Server Group fails
check box to use the local database as a backup authentication method for whatever AAA server is in use.Cisco: Configuring Clientless SSL VPN: Configuring Clientless SSL VPN Access (PDF)