Cisco Certified Internetwork Expert (CCIE) Practice Test

Which Cisco ASA firewall mode supports ASDM one-time-password authentication using RSA SecurID?

• A. Network translation mode
• B. Single-context routed mode
• C. Multiple-context mode
• D. Transparent mode

The correct answer is: Single-context routed mode

The correct response focuses on the functionality of Single-context routed mode concerning ASDM one-time-password authentication with RSA SecurID. In this mode, the Cisco ASA firewall operates in a traditional routed mode where traffic is processed through interfaces that have their own IP addresses. This operational framework supports enhanced security features, including the integration with RSA SecurID for two-factor authentication through the Adaptive Security Device Manager (ASDM). ASDM is a graphical interface that facilitates the configuration and management of the ASA firewall, and deploying one-time passwords enhances security by requiring users to provide a code generated by their RSA SecurID tokens, thereby verifying their identity and access level. The capability to implement such robust authentication methods is a hallmark of the single-context routed mode. In contrast, while other modes like multiple-context mode or transparent mode provide specific routing and security functionalities, they may not support certain authentication schemes in the same way, particularly in the context of ASDM functionality. Network translation mode, on the other hand, relates primarily to address translation features, lacking the same comprehensive application integration for authentication as seen in the single-context routed mode.