nerdexam
F5

101 · Question #548

An administrator needs a remote VPN solution for corporate users. The existing network infrastructure has web-based services. The administrator needs to select the VPN that is the least complicated to

The correct answer is A. IPSec. IPSec is natively supported across most enterprise routers, firewalls, and operating systems, making it the least complicated VPN to deploy in an existing corporate infrastructure.

Section 4: Security Basics

Question

An administrator needs a remote VPN solution for corporate users. The existing network infrastructure has web-based services. The administrator needs to select the VPN that is the least complicated to deploy. Which VPN solution should the administrator choose?

Options

  • AIPSec
  • BL2TP
  • CSSL
  • DPPTP

How the community answered

(38 responses)
  • A
    76% (29)
  • B
    13% (5)
  • C
    8% (3)
  • D
    3% (1)

Why each option

IPSec is natively supported across most enterprise routers, firewalls, and operating systems, making it the least complicated VPN to deploy in an existing corporate infrastructure.

AIPSecCorrect

IPSec is embedded natively in enterprise network devices and modern operating systems, requiring no additional gateway software or separate client stack beyond what is already present in most corporate environments. Because it operates at Layer 3 and is supported by the broadest range of hardware and OS vendors, integrating it into an existing infrastructure involves the least additional deployment effort. L2TP, SSL, and PPTP each introduce additional layering, software requirements, or known weaknesses that add complexity by comparison.

BL2TP

L2TP lacks built-in encryption and must be combined with IPSec to be secure, adding a second protocol layer and increasing deployment complexity.

CSSL

SSL VPN requires a dedicated gateway or web portal component and additional configuration for clientless or client-based access, adding overhead not present in a native IPSec deployment.

DPPTP

PPTP is deprecated due to serious known cryptographic vulnerabilities in its MS-CHAPv2 authentication, making it unsuitable for any modern corporate VPN deployment regardless of simplicity.

Concept tested: VPN protocol selection for enterprise remote access

Source: https://www.cisco.com/c/en/us/support/docs/ip/ip-security-ipsec/14136-IPsec-deploy.html

Topics

#VPN#IPSec#SSL VPN#remote access

Community Discussion

No community discussion yet for this question.

Full 101 Practice