exam questions

Exam Essentials All Questions

View all questions & answers for the Essentials exam

Exam Essentials topic 1 question 59 discussion

Actual exam question from WatchGuard's Essentials
Question #: 59
Topic #: 1
[All Essentials Questions]

In a Mobile VPN configuration, why would you choose default route VPN over split tunnel VPN? (Select one.)

  • A. Default route VPN allows your Firebox to examine all remote user traffic
  • B. Default route VPN uses less bandwidth
  • C. Default route VPN uses less processing power
  • D. Default route VPN automatically allows dynamic NAT
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Arjjra
Highly Voted 4 years, 2 months ago
This answer is incorrect. Should be answer A. Internet Access Options for Mobile VPN Users For Mobile VPN with IPSec and Mobile VPN with SSL, you have two options for Internet access for your Mobile VPN users: Force all client traffic through tunnel (default-route VPN) The most secure option is to require that all remote user Internet traffic is routed through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration (known as default-route VPN), the Firebox is able to examine all traffic and provide increased security, although it uses more processing power and bandwidth. Allow direct access to the Internet (split tunnel VPN) Another configuration option is to enable split tunneling. With this option, your users can browse the Internet, but Internet traffic is not sent through the VPN tunnel. Split tunneling improves network performance, but decreases security because the policies you create are not applied to the Internet traffic. If you use split tunneling, we recommend that each client computer have a software firewall.
upvoted 17 times
...
Maik
Highly Voted 3 years, 5 months ago
Answer A is correct
upvoted 9 times
...
BradKenn75
Most Recent 5 months, 1 week ago
Definitely A, the only reason we "default route" BoVPN traffic is so we don't have to buy subscription services on both endpoint FW's, route all traffic through host site allows use of subscription services from single site.
upvoted 1 times
...
memorx
10 months, 1 week ago
Selected Answer: A
A is correct
upvoted 1 times
...
zoodata
12 months ago
Selected Answer: A
A is the correct answer
upvoted 1 times
...
Ari2x
1 year, 4 months ago
Selected Answer: A
IT IS A
upvoted 1 times
...
Turak64
1 year, 5 months ago
Selected Answer: A
Dynamic NAT isn't why you'd use a full tunnel over split. Using the default route means all traffic goes through the firebox, rather than just the routes configured by the VPN.
upvoted 1 times
...
Satornjkk
2 years, 5 months ago
A.Enforce all user traffic make firebox can filter logged and inspection also.
upvoted 2 times
...
payzey
2 years, 8 months ago
A: Default route VPN allows your Firebox to examine all remote user traffic Default-route (full tunnel) is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth. If you select Routed VPN traffic in the Mobile VPN with SSL configuration, and you do not force all client traffic through the tunnel (split-tunnel), you must configure the allowed resources for the SSL VPN users. If you select Specify allowed resources or Allow access to all Trusted, Optional and Custom networks, only traffic to those resources is sent through the VPN tunnel. All other traffic goes directly to the Internet and the network that the remote SSL VPN user is connected to. This option can affect your security because any traffic sent to the Internet or the remote client network is not encrypted or subject to the policies you configured on the Firebox.
upvoted 2 times
...
[Removed]
2 years, 8 months ago
A is the correct answer. Some Firewall vendors call this "Full Tunnel", meaning all traffic is routed via the VPN to the Firewall for inspection. Split-Tunnel is where only LAN based traffic is routed to the firewall, internet destined traffic doesn't enter the VPN. A is correct
upvoted 2 times
...
mmamlouk
2 years, 10 months ago
I think the Answer is A
upvoted 5 times
...
KiwiTech
2 years, 11 months ago
A is the correct answer
upvoted 5 times
...
Thresmonkey
3 years ago
"Default-route is the most secure option because it routes all Internet traffic from a remote user through the VPN tunnel to the Firebox. Then, the traffic is sent back out to the Internet. With this configuration, the Firebox can examine all traffic and provide increased security. Be aware that this option requires more processing power and bandwidth."
upvoted 3 times
...
Tejen
3 years, 5 months ago
When you use default-route VPN, a dynamic NAT policy must include the outgoing traffic from the remote network. This allows remote users to browse the Internet when they send all traffic to the Firebox.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago