Here is the difference EAP-AnyConnect is a proprietary auth method to connect clients via Flex local database. However, at a minimum the server requires a certificate to identify itself to the client... The client uses the password/username to auth method to a username line on the router. So, the certificate is the minimum for either option.
From the URL in the solution box:
Configure
Authentication and Authorization of users with the Local Database
Note: In order to authenticate users against the local database on the router, EAP needs to be used. However, to use EAP, the local authentication method must be rsa-sig, so the router needs a proper identity certificate, and it cannot use a self-signed certificate."
To use local authentication for Cisco AnyConnect Secure Mobility Clients connecting to a FlexVPN server, you would need to use the AnyConnect profile. The AnyConnect profile allows you to define the authentication method as "Local" within the XML configuration file. This allows users to authenticate using the local user database on the FlexVPN server itself. EAP-AnyConnect, on the other hand, is used for authentication methods that rely on external authentication servers such as RADIUS or LDAP.
I think the answer should be "B". AnyConnect-EAP, also known as aggregate authentication, allows a Flex Server to authenticate the AnyConnect client via the Cisco proprietary AnyConnect-EAP method.
Link:
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html#toc-hId-812524821
When utilizing local authentication for Cisco AnyConnect Secure Mobility Clients connecting to a FlexVPN server, certificates are typically used as the authentication method. This means that instead of using a traditional username and password, the client presents a valid certificate to authenticate with the server.
I would go for A
see
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/200555-FlexVPN-AnyConnect-IKEv2-Remote-Access.html
Authenticating and Authorizating users using the Local Database
Note:
In order to authenticate users against the local database on the router, EAP needs to be used. However, in order to use EAP, the local authentication method has to be rsa-sig, so the router needs a proper certificate installed on it, and it can't be a self-signed certificate.
This section is not available anymore. Please use the main Exam Page.300-730 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Ahmadpbi
3 weeks, 2 days agoDGriff
2 months, 2 weeks agoiratus_umbra
5 months agoRosh8787
1 year, 4 months agokylesam2017
1 year, 4 months agokylesam2017
1 year, 4 months agoKhs01
1 year, 9 months agoNet4dd
2 years, 2 months agoDante8880
2 years, 4 months agoDante8880
2 years, 4 months agoScaX
2 years, 5 months agoNullNull88
2 years, 6 months ago