Designing Cisco Network Service Architectures (ARCH, legacy) — Question 81
When designing remote access to the Enterprise Campus network for teleworkers and mobile workers, which of the following should the designer consider?
Answer options
- A. It is recommended to place the VPN termination device in line with the Enterprise Edge firewall, with ingress traffic limited to SSL only
- B. Maintaining access rules, based on the source IP of the client, on an internal firewall drawn from a headend RADIUS server is the most secure deployment
- C. VPN Headend routing using Reverse Route Injection (RRI) with distribution is recommended when the remote user community is small and dedicated DHCP scopes are in place
- D. Clientless SSL VPNs provide more granular access control than SSL VPN clients (thin or thick), including at Layer 7
Correct answer: D
Explanation
The correct answer is D because clientless SSL VPNs provide more nuanced access control, which helps when managing user permissions and resources at a deeper level. Options A, B, and C discuss various deployment strategies but do not address the level of access control that clientless SSL VPNs offer compared to traditional SSL VPN clients.