Which of the following decisions would BEST support this objective?

– by 6

A network engineer is attempting to design-in resiliency characteristics for an enterprise network’s VPN services.
If the engineer wants to help ensure some resilience against zero-day vulnerabilities exploited against the VPN implementation, which of the following decisions would BEST support this objective?
A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization’s SOC with near-real-time alerting to administrators.
B. Subscribe to a managed service provider capable of supporting the mitigation of advanced DDoS attacks on the enterprise’s pool of VPN concentrators.
C. Distribute the VPN concentrators across multiple systems at different physical sites to ensure some backup services are available in the event of primary site loss.
D. Employ a second VPN layer concurrently where the other layer’s cryptographic implementation is sourced from a different vendor.

How to PASS CAS-004 in First Attempt?

FULL Printable PDF and Software. VALID exam to help you PASS.
comptia-exams

6 thoughts on “Which of the following decisions would BEST support this objective?

  1. D

    If you use a different vendor for the second implementation than you should be resilient. If a zero-day is found in one of the vendor’s software, you can default to the other.

    Reply

  2. I was wrong. I change my answer to D. Employ a second VPN. Because if one VPN is hacked, you can switch to using the second VPN.

    It is not C. Does not matter how many VPN concentrator you distributed, once your VPN is hacked, they have access to all your VPN asset.

    2
    Reply

  3. I like answer C. Distribute the VPN concentrators.
    Agree with 007, key word is “resilience.” recover quickly after an attack. Zero-day attack is new unknow exploit, so there is no signature for you to compare.

    A. Implement a reverse proxy…and monitored (No, unable to monitor zero-day.)
    B. Subscribe to… mitigation of advanced DDoS (No, we are talking about zero-day… not DDoS.)
    C. Distribute the VPN concentrators (Yes, this will allow your VPN capability to recover quickly.)
    D. Employ a second VPN layer (No, double VPN will not provide resilience. Example: Data goes through VPN1 (ExpressVPN) and then it goes through VPN2 (NordVPN) and then goes to final destination. After an attack, the VPN will be no more or less resilient.)

    Reply

  4. Key word is resilience, which means to recover. If the attack is a zero day then there is no monitoring for it. A zero day attack is the first of its kind for that specific attack. No point to monitor.

    Possibly managed service provider but not sold on that answer due to be able to recover quickly.

    Distribute VPN concentrators allows to recover and states its a backup if the main one goes down.

    D doesnt even make sense…

    1
    Reply

  6. maybe A. Implement a reverse proxy for VPN traffic that is defended and monitored by the organization’s SOC with near-real-time alerting to administrators.

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.