An engineer is configuring clientless SSL VPN. The finance department has a database server that only they should access, but the sales department can currently access it. The finance and the sales departments are configured as separate group-policies. Which option must be added to the configuration to make sure the users in the sales department cannot access the finance department server?
A. tunnel group lock
B. webtype ACL
C. port forwarding
D. VPN filter ACL
A is the right answer because the group-lock feature on the ASA restricts a user to a specific tunnel group.
Its webtype ACL. Tunnel group-lock only controls which connection profile a user can log in to. The ACL allows or denys access to resources on the network.