
Exam SY0-601 topic 1 question 517 discussion

Actual exam question from CompTIA's SY0-601
Question #: 517
Topic #: 1

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data center that houses confidential information. There is a firewall at the internet border, followed by a DLP appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?

  • A. The DLP appliance should be integrated into a NGFW.
  • B. Split-tunnel connections can negatively impact the DLP appliance's performance.
  • C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
  • D. Adding two hops in the VPN tunnel may slow down remote connections.
Suggested Answer: C

Comments

ApplebeesWaiter1122
1 year, 11 months ago
Selected Answer: C
In this scenario, the weakest design element is that encrypted VPN traffic will not be inspected when entering or leaving the network. Since the traffic is encrypted, the DLP (Data Loss Prevention) appliance will not be able to inspect the content of the data packets passing through the VPN tunnel. This lack of inspection can potentially allow malicious or unauthorized data to be transmitted without detection. To enhance security, it is essential to implement a solution that allows for the inspection of encrypted VPN traffic. One approach is to deploy a next-generation firewall (NGFW) with SSL/TLS decryption capabilities. The NGFW can decrypt the VPN traffic, inspect it for potential threats or sensitive data, and then re-encrypt it before sending it to its destination. By doing so, the organization can maintain security while still enabling remote users to access corporate resources through the VPN.
upvoted 21 times
CS3000
1 year, 10 months ago
You're mentioning a security risk, not a design element.
upvoted 2 times
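The mechanism behind answer C in the comments above, as an added example that is not part of the discussion: a DLP appliance placed before the VPN terminator sees only ciphertext and misses a leaking card number, while the same scan run after VPN termination catches it. The keystream cipher is a constructed stand-in for the tunnel's encryption (not a real VPN protocol), and the card-number rule and sample request are constructed too.

```python
import hashlib
import re

# Constructed DLP rule: 16-digit card-like numbers, confirmed with a Luhn check.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")


def luhn_ok(number: str) -> bool:
    """Luhn checksum so the rule does not fire on arbitrary digit runs."""
    digits = [int(c) for c in number if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def dlp_scan(payload: bytes) -> list[str]:
    """What a content-inspecting DLP appliance flags in the bytes it can see."""
    text = payload.decode("utf-8", errors="ignore")
    return [m.group(0) for m in CARD_RE.finditer(text) if luhn_ok(m.group(0))]


def vpn_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy XOR keystream standing in for the VPN tunnel (constructed, not a real protocol)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


vpn_decrypt = vpn_encrypt  # XOR with the same keystream reverses it


def dlp_before_vpn_termination(tunnel_bytes: bytes) -> list[str]:
    """Design in the question: DLP sits between the border firewall and the VPN
    server, so it inspects ciphertext and holds no key to do anything else."""
    return dlp_scan(tunnel_bytes)


def dlp_after_vpn_termination(key: bytes, nonce: bytes, tunnel_bytes: bytes) -> list[str]:
    """Corrected placement: inspect after the VPN server has decrypted the traffic."""
    return dlp_scan(vpn_decrypt(key, nonce, tunnel_bytes))
```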
Paula77
1 year, 4 months ago
Selected Answer: B
When users connect via split-tunnel VPNs, their internet-bound traffic doesn’t pass through the corporate data center. As a result: The DLP appliance does not inspect internet-bound traffic. The firewall at the internet border does not filter this traffic. While this design optimizes internet performance for users, it weakens security. The DLP appliance’s effectiveness relies on inspecting all traffic, including internet-bound data. By excluding this traffic, the organization risks data leakage or policy violations.
upvoted 1 times
cyberPunk28
1 year, 6 months ago
Selected Answer: C
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
upvoted 1 times
CS3000
1 year, 10 months ago
Selected Answer: A
A. The DLP appliance should be integrated into an NGFW (Next-Generation Firewall). Integrating the DLP appliance into an NGFW would enhance the overall security posture. An NGFW combines traditional firewall functionality with advanced security features such as intrusion prevention, application awareness, and content filtering. This integration would allow for more effective handling of data loss prevention and security monitoring. Option C (Encrypted VPN traffic not being inspected) is indeed a concern, but it's a limitation imposed by the necessity of maintaining the security and privacy of VPN traffic, rather than a design choice.
upvoted 1 times
Kingbumi777
1 year, 9 months ago
DLP cannot read VPN encrypted data.
upvoted 3 times
Gamsje
1 year, 11 months ago
Can anyone explain all options?
upvoted 3 times
mtnews
1 year, 11 months ago
Selected Answer: C
DLP won't be able to inspect data that is passing through a VPN
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other