PrepAway - Latest Free Exam Questions & Answers

What is the default modulus size that is used to create…

What is the default modulus size that is used to create a self-signed certificate for SSL authentication on a Cisco
ASA? (Select the best answer.)


A. 512 bits

B. 768 bits

C. 1,024 bits

D. 2,048 bits

Explanation:
The default modulus size that is used to create a self-signed certificate for Secure Sockets Layer (SSL)
authentication on a Cisco Adaptive Security Appliance (ASA) is 1,024 bits. If no trust point has been configured,
an ASA dynamically generates a self-signed certificate when an SSL connection is first established. For
example, when a Secure Hypertext Transfer Protocol (HTTPS) or a Cisco Adaptive Security Device Manager
(ASDM) connection is made to the ASA, a self-signed certificate is used to authenticate the ASA to the browser
or ASDM client. You can view self-signed certificates in ASDM by opening the Configuration > Remote Access
VPN > Certificate Management > Identity Certificates pane. You can identify a self-signed certificate in
the Identity Certificates pane by looking for a certificate with identical values in the Issued To and Issued
By fields. After selecting a certificate, you can click the Show Details button to display detailed information about
the certificate. Below, you can see a self-signed certificate associated with ASDM_Trustpoint0 and with a
modulus of 1,024 bits:

Alternatively, you can examine a certificate by using a modern web browser. When a web browser or ASDM
session is presented with a self-signed certificate, it will issue a warning to indicate that it cannot verify the
certificate with a root certificate authority (CA). Below, you can see an example of the warning information
presented by a browser-based HTTPS session that receives a self-signed certificate:

You can view the details of the certificate by clicking the Certificate information link, which will display the
information about the contents of the certificate. You can determine that a certificate is self-signed by noting that
the Issued to and Issued by fields in the certificate contain the same value, as shown in the example below:

You can click the Details tab to view the contents of the certificate. Because this example is from an ASA with a
default configuration, you can see in the following exhibit that the modulus size in the Public key field is 1,024
bits:

Cisco: Cisco ASA 5500 Series Command Reference: crypto key generate rsa
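
The two checks the explanation performs in ASDM and in the browser (Issued To equal to Issued By, and the modulus size in the Public key field) can also be run in code against an exported DER certificate. This is an added example, not part of the original page or of Cisco's documentation; the sample certificate is constructed with a placeholder modulus and a dummy signature, and the name asa.example.com and all helper names are assumptions.

```python
RSA_OID = bytes.fromhex("2a864886f70d010101")  # rsaEncryption, 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def inspect_cert(der):
    """Return (issuer_equals_subject, rsa_modulus_bits) for a DER certificate."""
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    if tbs[0][0] == 0xA0:  # skip the optional [0] version field
        tbs = tbs[1:]
    issuer, subject, spki = tbs[2][1], tbs[4][1], tbs[5][1]
    alg, key_bits = children(spki)
    if children(alg[1])[0][1] != RSA_OID:
        raise ValueError("not an RSA public key, so there is no modulus to measure")
    modulus = children(read_tlv(key_bits[1], 1)[1])[0][1]  # offset 1 skips the unused-bits byte
    return issuer == subject, int.from_bytes(modulus, "big").bit_length()

def tlv(tag, *parts):
    """DER-encode one element; used only to build the constructed sample below."""
    body = b"".join(parts)
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def sample_cert(bits, issuer_cn, subject_cn):
    """Constructed, unsigned certificate structure (placeholder modulus, dummy signature)."""
    def name(cn):
        return tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x0C, cn.encode()))))
    n = (1 << (bits - 1)) | 1  # right size only; not a usable RSA key
    rsa_key = tlv(0x30, tlv(0x02, b"\x00" + n.to_bytes(bits // 8, "big")), tlv(0x02, b"\x01\x00\x01"))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, RSA_OID), tlv(0x05)), tlv(0x03, b"\x00" + rsa_key))
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")), tlv(0x05))
    validity = tlv(0x30, tlv(0x17, b"240101000000Z"), tlv(0x17, b"250101000000Z"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), sig_alg, name(issuer_cn), validity, name(subject_cn), spki)
    return tlv(0x30, tbs, sig_alg, tlv(0x03, b"\x00" + b"\x00" * 8))
```

Matching issuer and subject is the same field comparison the page describes; it does not verify the signature, so treat a `True` result as "self-issued by name".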

