REALISTIC ANSWERS PLS
QUESTION: 180
A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services.
If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited
against the VPN implementation, which of the following decisions would BEST support this
objective?
A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization’s SOC with near-real-time alerting to administrators.
B. Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise’s pool of VPN concentrators.
C. Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.
D. Employ a second VPN layer concurrently where the other layer’s cryptographic implementation is sourced from a different vendor.
QUESTION: 154
An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.)
A. Exempt mobile devices from the requirement, as this will lead to privacy violations
B. Configure the devices to use an always-on IPSec VPN
C. Configure all management traffic to be tunneled into the enterprise via TLS
D. Implement a VDI solution and deploy supporting client apps to devices
E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary
QUESTION: 180
A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services.
If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited
against the VPN implementation, which of the following decisions would BEST support this
objective?
Answer : D. Employ a second VPN layer concurrently where the other layer’s cryptographic implementation is sourced from a different vendor.
QUESTION: 154
An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored. Which of the following would allow the organization to meet its requirement? (Choose two.)
Answer :
B. Configure the devices to use an always-on IPSec VPN
E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary
REALISTIC ANSWERS PLS QUESTION: 180 A network engineer is attempting to design-in resiliency characteristics for an...