Exam 300-730 topic 1 question 122 discussion

to all the ppl who are saying exclude, specify = traffic matching the ACL will be sent as a clear text while the rest of the traffic will be encrypted/tunnelled. enlighten me: how is the admin going to know your private network? let's say your is 172.16.1.x and mine is 10.11.22.x or whatever. Help me out on how to figure this one out. tunnel specified = matching the ACL will be encrypted and rest of the traffic will be in clear text -> admin knows their netowrks, correct?

To guarantee that remote access users can reach printers on their local LAN while sending all other traffic over the VPN tunnel, the split-tunnel policy that reduces configuration on the ASA headend is "exclude specified." The "exclude specified" split-tunnel policy allows you to define specific traffic or subnets that should not be sent over the VPN tunnel. In this case, you would specify the printers' IP addresses or the subnet they belong to in the split-tunnel configuration. By using the "exclude specified" split-tunnel policy, you only need to define the IP addresses or subnets that should bypass the VPN tunnel. All other traffic will automatically be sent over the VPN tunnel, simplifying the configuration on the ASA headend. This approach allows remote access users to access printers on their local LAN directly, without routing that traffic through the VPN tunnel, while still ensuring that all other traffic is securely transmitted over the tunnel

It could be B.... but how do you know the "local network" where the users are conecting from? It could be their home, a restaurant, an airport... so how do you know which network to exclude only? I would go with C. Tunnel the network I know for sure it is on the company.

B is correct since the local printer traffic is to be restricted from traversing the tunnel

B - because it refers to the printer /local network to be excluded C - nor correct , because the example does not refer to specify the headquarters range to pe sent over tunnel Like always the questions are f,,ed up to raise doubt on your judgement

B is the correct answer here

You could in theory "tunnel specified" and list every subnet aside from the local one in the split tunnel list, but that is cumbersome and clearly not the best answer from the "reduce the configuration" requirement. Exclude only the local subnet and continue with your day.

you need to send everything via the tunnel, only the local LAN would go vi the PC NIC, so the answer would be exclude specified