300-320 · Question #424
300-320 Question #424: Real Exam Question with Answer & Explanation
The correct answer is D: Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick),. Clientless SSL VPN (browser-based) provides more granular access control than SSL VPN clients because it allows administrators to define access to specific web applications and resources rather than granting full network tunnel access. With a thick/thin SSL VPN client, users typi
Question
Options
- AIt is recommended to place the VPN termination device in line with the Enterprise Edge firewall,
- BMaintaining access rules, based on the source IP of the client, on an internal firewall drawn from
- CVPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended
- DClientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick),
Explanation
Clientless SSL VPN (browser-based) provides more granular access control than SSL VPN clients because it allows administrators to define access to specific web applications and resources rather than granting full network tunnel access. With a thick/thin SSL VPN client, users typically get broader network access (a full tunnel), making it harder to restrict access to individual resources. Option A is incorrect - VPN headends should be parallel to, not inline with, the firewall. Option B is unreliable because source IP addresses of VPN clients are often translated. Option C describes RRI, which aids routing but is not a primary access control consideration.
Community Discussion
No community discussion yet for this question.