Which statement about securing TLS connections on the ESA is true?

A. The preconfigured demonstration certificate installed on the ESA can establish a secure, verifiable TLS connection
B. If you apply a certificate to an ESA in cluster mode, it is automatically propagated to the other ESAs in the cluster.
C. Self-signed certificates and certificates can provide a verifiable connection
The ESA supports certificates in PKCS#7 and PKCS#12 format
D. Certificates that are imported to secure TLS connections can also be used by other services on the ESA including LDAPS and HTTPS
E. The ESA encrypts all messages with a certificate before sending them over a TLS connection
F. After a certificate is applied to an ESA Cluster using centralized management, new devices added to the cluster automatically adopt the existing certificate


3 thoughts on “Which statement about securing TLS connections on the ESA is true?”

  1. D is correct

    An administrator might desire to create a self-signed certificate on the appliance for any of these reasons:
    In order to encrypt the SMTP conversations with other MTAs that use TLS (both inbound and outbound conversations)
    In order to enable the HTTPS service on the appliance for access to the GUI via HTTPS
    For use as a client certificate for Lightweight Directory Access Protocols (LDAPs), if the LDAP server requires a client certificate

    A is not correct.

    The ESA comes pre-configured with a demonstration certificate that can be used in order to establish TLS connections. While the demonstration certificate is sufficient for the establishment of a secure TLS connection, be aware that it cannot offer a verifiable connection.

    C is not correct

    The certificate from a CA is desirable over the self-signed certificate because a self-signed certificate is similar to the previously mentioned demonstration certificate, which cannot offer a verifiable connection.

  2. should be D according to harry’s URL:

    Upload the Signed Certificate to the ESA

    After the CA returns the trusted public certificate that is signed by a private key, you must upload the signed certificate to the ESA. The certificate can then be used with a public or private listener, an IP interface HTTPS service, the LDAP interface, or all outbound TLS connections to the destination domains.
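
The comments above separate a "secure" TLS connection from a "verifiable" one. The following is an added example, not part of the original page or of Cisco documentation: it uses generic OpenSSL commands (not ESA CLI) to build a constructed CA, a self-signed certificate and a CA-signed certificate, then checks each against the trust store a peer would hold. The names `example-ca` and `mail.example.test` and the helper function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: generic OpenSSL, not ESA CLI. All names are constructed.
set -eu

# Build a throwaway lab in directory $1: a CA, a self-signed certificate
# and a certificate for the same host name signed by that CA.
build_lab() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$dir/signed.key" -out "$dir/signed.csr" 2>/dev/null
    openssl x509 -req -in "$dir/signed.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -out "$dir/signed.pem" 2>/dev/null
}

# Print "yes" when subject and issuer are identical (treated here as
# self-signed), else "no".
is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then echo yes; else echo no; fi
}

# Print "verifiable" when certificate $1 chains to trust store $2.
check_verifiable() {
    if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
        echo verifiable
    else
        echo not-verifiable
    fi
}

lab=$(mktemp -d)
build_lab "$lab"
for cert in self signed; do
    printf '%s.pem: self-signed=%s, against CA trust store: %s\n' "$cert" \
        "$(is_self_signed "$lab/$cert.pem")" \
        "$(check_verifiable "$lab/$cert.pem" "$lab/ca.pem")"
done
```

Both certificates can key an encrypted TLS session, but only the CA-signed one passes the peer's chain check.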
