Free Preparation Discussions
MENU
CompTIA CAS-005 Exam - Topic 3 Question 22 Discussion
Topic #: 3
A global company with a remote workforce implemented a new VPN solution. After deploying the VPN solution to several hundred users, the help desk starts receiving reports of slow access to both internally and externally available applications. A security analyst reviews the following:
VPN client routing: 0.0.0.0/0 eth1
Which of the following solutions should the analyst use to fix this issue?
The routing entry 0.0.0.0/0 forces all traffic from remote clients---including traffic destined for the public internet---through the VPN tunnel. This is called full-tunnel VPN routing. While it ensures strong security by forcing all traffic to pass through corporate controls, it can also overload VPN gateways and cause slow access to both internal and external applications, as seen in this scenario.
The correct fix is to enable split tunneling (B). Split tunneling allows only corporate traffic (e.g., private IP ranges or internal applications) to flow through the VPN, while internet-bound traffic routes directly to the internet. This reduces congestion on VPN concentrators, improves performance for remote users, and ensures efficient use of bandwidth.
Moving servers to a screened subnet (A) relates to internal segmentation but does not fix the VPN bottleneck. NAC (C) enforces device compliance but does not address routing inefficiencies. DNS over HTTPS (D) secures name resolution but is unrelated to network congestion.
Thus, enabling split tunneling balances security and performance for remote workers.
Lemuel
18 hours agoMerilyn
6 days agoElli
11 days agoCaprice
16 days agoKatie
21 days agoTherese
27 days agoAnnamae
1 month agoKanisha
1 month agoAlbina
1 month agoAnika
2 months agoCherri
2 months agoNickolas
2 months agoNickole
2 months agoSherrell
2 months agoJohanna
3 months agoGeraldo
3 months agoVallie
3 months agoAndrew
3 months agoUla
2 months ago