nerdexam
(ISC)2

CISSP · Question #272

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

The correct answer is B. Simultaneous connection to other networks. When using a VPN, allowing users to simultaneously connect to other networks (split tunneling) creates a security risk by potentially bridging the secure VPN tunnel with an untrusted network.

Submitted by anjalisingh· Mar 5, 2026Communication and Network Security

Question

Which one of the following activities would present a significant security risk to organizations when employing a Virtual Private Network (VPN) solution?

Options

  • AVPN bandwidth
  • BSimultaneous connection to other networks
  • CUsers with Internet Protocol (IP) addressing conflicts
  • DRemote users with administrative rights

How the community answered

(23 responses)
  • A
    4% (1)
  • B
    78% (18)
  • C
    4% (1)
  • D
    13% (3)

Why each option

When using a VPN, allowing users to simultaneously connect to other networks (split tunneling) creates a security risk by potentially bridging the secure VPN tunnel with an untrusted network.

AVPN bandwidth

VPN bandwidth is a performance and capacity planning concern, not a direct security risk to the organization's network or data.

BSimultaneous connection to other networksCorrect

Simultaneous connection to other networks refers to split tunneling, where a VPN client is connected to both the secure corporate VPN and an external untrusted network (such as the public internet) at the same time. This creates a significant security risk because an attacker could use the unsecured connection as a pivot point to reach the corporate network through the VPN tunnel, effectively bypassing perimeter security controls.

CUsers with Internet Protocol (IP) addressing conflicts

IP addressing conflicts are a network configuration and connectivity issue that can disrupt VPN service, but they do not inherently introduce a security vulnerability or expose the organization to attack.

DRemote users with administrative rights

While remote users with administrative rights is a risk management concern related to least privilege, it is not a risk specific to VPN solutions themselves, and is a general access control issue that exists independently of VPN use.

Concept tested: VPN split tunneling security risks

Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/vpn/vpn-routing

Topics

#VPN security#Split tunneling#Network security risks#Remote access

Community Discussion

No community discussion yet for this question.

Full CISSP Practice