ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam SY0-501 All Questions

View all questions & answers for the SY0-501 exam
Go to Exam

Exam SY0-501 topic 1 question 845 discussion

Actual exam question from CompTIA's SY0-501
Question #: 845
Topic #: 1
[All SY0-501 Questions]

A systems administrator needs to configure an SSL remote access VPN according to the following organizational guidelines:
✑ The VPN must support encryption of header and payload.
✑ The VPN must route all traffic through the company's gateway.
Which of the following should be configured on the VPN concentrator?

  • A. Full tunnel
  • B. Transport mode
  • C. Tunnel mode
  • D. IPSec
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by CoRell at Aug. 13, 2020, 3:23 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Ibrahim_aj
Highly Voted 4 years, 9 months ago
the answer should be A. it said all traffic must pass the company gateway and full tunnel provide that along with payload encryption. https://oregonstate.teamdynamix.com/TDClient/1935/Portal/KB/ArticleDet?ID=53430
upvoted 17 times
jas26says
4 years, 8 months ago
Agree.
upvoted 3 times
...
...
jama
Highly Voted 4 years, 9 months ago
the first requirement "VPN must support encryption of header and payload" is tunnel mode the second requirement "VPN must route all traffic through the company's gateway" is a full tunnel. So it is tunnel mode in full tunnel.
upvoted 12 times
Heymannicerouter
4 years, 1 month ago
tunnel mode is specific to IPsec, not SSL VPN.
upvoted 2 times
...
...
StickyMac
Most Recent 4 years ago
this is what is found: Tunnel mode is most commonly used between gateways (Cisco routers or ASA firewalls), or at an end-station to a gateway, the gateway acting as a proxy for the hosts behind it. Tunnel mode is used to encrypt traffic between secure IPSec Gateways, for example two Cisco routers connected over the Internet via IPSec
upvoted 1 times
...
Mohawk
4 years, 1 month ago
exam training has it as A
upvoted 2 times
...
lapejor
4 years, 4 months ago
For SSL VPN (NOT IP SEC) there are only two modes web and tunnel mode, tunnel mode in SSL VPN is a full tunnel https://docs.fortinet.com/document/fortigate/6.0.0/handbook/42802/ssl-vpn-modes-of-operation
upvoted 3 times
mcNik
4 years, 3 months ago
Absolutely agree, correct answer here is A , check Messer and Gibson, Full tunnel definitely.
upvoted 4 times
...
...
DookyBoots
4 years, 8 months ago
It is SSL remote access not IPSec. There are 2 modes for SSL VPNs Full tunnel and Split tunnel. Full tunnel supports header and payload encryption.
upvoted 2 times
...
babati
4 years, 9 months ago
Question is asking about SSL VPN, not IPsec VPN. IPsec uses AH or ESP for authentication. Also it can be configured to either Transport or Tunnel mode. The question is asking about what should be configured on the VPN concentrator. Full tunnel must be the answer.
upvoted 9 times
babati
4 years, 9 months ago
A TLS VPN (still more commonly referred to as an SSL VPN) requires a remote access server listening on port 443 (or any arbitrary port number). The client makes a connection to the server using TLS so that the server is authenticated to the client (and optionally the client's certificate must be authenticated by the server). This creates an encrypted tunnel for the user to submit authentication credentials, which would normally be processed by a RADIUS server. Once the user is authenticated and the connection fully established, the RAS server tunnels all communications for the local network over the secure socket.
upvoted 2 times
...
...
CoRell
4 years, 9 months ago
Can only be B or C. Because B doesn't encrypt the header but the question specifies this as a requirement, it must be C (tunnel mode).
upvoted 5 times
exiledwl
4 years, 5 months ago
No the requirement of 'all traffic passing through vpn' implies the answer is A: full tunnel
upvoted 3 times
FNavarro
4 years, 3 months ago
This. Tunnel mode is just generalization. You need a full tunnel as opposed to a split tunnel
upvoted 1 times
Heymannicerouter
4 years, 1 month ago
tunnel mode refers to IPsec VPN when the entire packet, including header, is encrypted.
upvoted 1 times
...
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel