CompTIA
CAS-002 · Question #1
CAS-002 Question #1: Real Exam Question with Answer & Explanation
The correct answer is C: Split tunneling is disabled. When split tunneling is disabled, all remote user traffic is forced through the VPN concentrator rather than only corporate-bound traffic, increasing bandwidth utilization on the concentrator.
Question
A telecommunication company has recently upgraded their teleconference systems to multicast. Additionally, the security team has instituted a new policy which requires VPN to access the company's video conference. All parties must be issued a VPN account and must connect to the company's VPN concentrator to participate in the remote meetings. Which of the following settings will increase bandwidth utilization on the VPN concentrator during the remote meetings?
Options
- AIPSec transport mode is enabled
- BICMP is disabled
- CSplit tunneling is disabled
- DNAT-traversal is enabled
Explanation
When split tunneling is disabled, all remote user traffic is forced through the VPN concentrator rather than only corporate-bound traffic, increasing bandwidth utilization on the concentrator.
Common mistakes.
- A. IPSec transport mode encrypts only the payload rather than encapsulating the entire packet as tunnel mode does, which reduces overhead and would not increase bandwidth utilization.
- B. Disabling ICMP reduces traffic by blocking ping and related control messages, which would decrease rather than increase bandwidth utilization.
- D. NAT-traversal (NAT-T) encapsulates IPSec traffic in UDP to traverse NAT devices; while it adds minor overhead, it is an enablement feature and does not substantially increase bandwidth on the concentrator during meetings.
Concept tested. VPN split tunneling and bandwidth impact
Reference. https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-forced-tunneling
Community Discussion
No community discussion yet for this question.