CompTIA Security+ SY0-601 – Question517

An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate data
center that houses confidential information. There is a firewall at the internet border, followed by a DLP
appliance, the VPN server, and the data center itself. Which of the following is the weakest design element?


A.
The DLP appliance should be integrated into a NGFW.
B. Split-tunnel connections can negatively impact the DLP appliance's performance.
C. Encrypted VPN traffic will not be inspected when entering or leaving the network.
D. Adding two hops in the VPN tunnel may slow down remote connections.

Correct Answer: C