Authentication Schemes on Cisco ASA for Unique Key Generation | CCIE Security Exam

Which Authentication Scheme Generates a Unique Key on Cisco ASA?



Which authentication scheme, that is supported on the Cisco ASA, generates a unique key that is used in a single password challenge?




A. B. C. D.


The authentication scheme supported on Cisco ASA that generates a unique key that is used in a single password challenge is A. one-time passwords.

One-time passwords (OTP) are temporary passwords that are generated for a single login session or transaction, providing a higher level of security than traditional passwords. OTPs are generated using various methods, such as time-based, event-based, or challenge-response.

In the case of Cisco ASA, OTPs can be generated using the Time-based One-Time Password (TOTP) algorithm, which is based on a secret key shared between the user and the authentication server. This shared secret key is used to generate a unique six- or eight-digit code that is valid for a short period of time, typically 30 seconds.

To use OTP authentication on Cisco ASA, the following steps are required:

  1. Configure an OTP server that supports TOTP, such as Cisco Identity Services Engine (ISE) or a third-party OTP server.

  2. Create a user account on the OTP server and associate it with the Cisco ASA device.

  3. Configure the Cisco ASA device to use OTP authentication for specific VPN or ASDM users.

  4. Install an OTP client app on the user's device, such as Google Authenticator or RSA SecurID, and scan the QR code provided by the OTP server to generate the OTP codes.

  5. When the user attempts to log in to the VPN or ASDM, they will be prompted to enter their username and OTP code. The Cisco ASA device will verify the OTP code with the OTP server and allow access if the code is valid.

In summary, one-time passwords are a secure authentication method that generates a unique key for each login session or transaction. Cisco ASA supports OTP authentication using TOTP, which requires an OTP server, user accounts, and an OTP client app to generate the OTP codes.