Cyber Monday 2024! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

Cisco Exam 350-701 Topic 3 Question 95 Discussion

Actual exam question for Cisco's 350-701 exam
Question #: 95
Topic #: 3
[All 350-701 Questions]

An engineer must modify an existing remote access VPN using a Cisco AnyConnect Secure Mobility client solution and a Cisco Secure Firewall. Currently, all the traffic generate by the user Is sent to the VPN tunnel and the engineer must now exclude some servers and access them directly instead. Which element must be modified to achieve this goat?

Show Suggested Answer Hide Answer
Suggested Answer: D

To achieve the goal of excluding some servers from the VPN tunnel and accessing them directly, the engineer must modify the group policy that is applied to the remote access VPN users. The group policy contains the settings for split tunneling, which is a feature that allows the VPN client to route some traffic through the VPN tunnel and some traffic directly to the internet. Split tunneling can be configured based on the destination IP address, the application, or the domain name of the traffic. By modifying the group policy, the engineer can specify which servers or networks should be excluded from the VPN tunnel and accessed directly by the VPN client. This can improve the performance and efficiency of the VPN connection, as well as reduce the load on the VPN gateway and the corporate network. However, split tunneling also introduces some security risks, such as exposing the VPN client to internet threats, bypassing the corporate firewall and security policies, and leaking sensitive dat

a. Therefore, the engineer must carefully evaluate the trade-offs and best practices of using split tunneling for remote access VPNs.Reference:=

Implementing and Operating Cisco Security Core Technologies (SCOR) v1.0, Module 3: Secure Connectivity, Lesson 3.1: Implementing and Troubleshooting Remote Access VPN, Topic 3.1.4: Configure and Verify Remote Access VPN, Subtopic 3.1.4.2: Configure and Verify Split Tunneling

VPN Split Tunneling: What It Is & Pros and Cons

Cisco ASA - Enable Split Tunnel for Remote VPN Clients


Contribute your Thoughts:

Hortencia
2 months ago
I'm picturing the engineer right now, scratching their head and muttering, 'Routing table, where art thou?' Just another day in the life of a network admin.
upvoted 0 times
Yen
2 months ago
C) routing table
upvoted 0 times
...
Lettie
2 months ago
B) encryption domain
upvoted 0 times
...
Gail
2 months ago
A) NAT exemption
upvoted 0 times
...
...
Sabina
3 months ago
NAT exemption? Sounds like a fancy way to say 'let's just ignore the VPN and go straight to the servers.'
upvoted 0 times
Renay
1 months ago
No problem! Always happy to help.
upvoted 0 times
...
Ona
1 months ago
That makes sense. Thanks for clarifying!
upvoted 0 times
...
Ammie
1 months ago
Yes, NAT exemption is the correct answer. It allows certain traffic to bypass the VPN tunnel and access servers directly.
upvoted 0 times
...
Lenna
1 months ago
D) group policy
upvoted 0 times
...
Fabiola
1 months ago
C) routing table
upvoted 0 times
...
Martha
1 months ago
B) encryption domain
upvoted 0 times
...
Helene
2 months ago
A) NAT exemption
upvoted 0 times
...
...
Joseph
3 months ago
I agree with Cristal, NAT exemption makes the most sense in this scenario.
upvoted 0 times
...
Shasta
3 months ago
I think it could be D) group policy, as that controls user access permissions.
upvoted 0 times
...
Aileen
3 months ago
I disagree, I believe it's C) routing table that needs to be modified.
upvoted 0 times
...
Matthew
3 months ago
Hmm, group policy seems like the way to go. Who doesn't love a good policy to keep things in check?
upvoted 0 times
...
Kimbery
3 months ago
I'd go for the encryption domain. Sounds like the kind of thing that would let us bypass the VPN tunnel.
upvoted 0 times
...
Zana
3 months ago
The routing table is definitely the key element to modify here. Gotta love those dynamic routes!
upvoted 0 times
Gail
2 months ago
D) group policy
upvoted 0 times
...
Almeta
2 months ago
The routing table is definitely the key element to modify here. Gotta love those dynamic routes!
upvoted 0 times
...
Lili
2 months ago
C) routing table
upvoted 0 times
...
Bulah
2 months ago
B) encryption domain
upvoted 0 times
...
Cassandra
3 months ago
A) NAT exemption
upvoted 0 times
...
...
Cristal
4 months ago
I think the correct answer is A) NAT exemption.
upvoted 0 times
...

Save Cancel
az-700  pass4success  az-104  200-301  200-201  cissp  350-401  350-201  350-501  350-601  350-801  350-901  az-720  az-305  pl-300  

Warning: Cannot modify header information - headers already sent by (output started at /pass.php:70) in /pass.php on line 77