CompTIA Cloud+ (CV0-004) — Question 9
A network administrator is building a site-to-site VPN tunnel from the company’s headquarters office to the company’s public cloud development network. The network administrator confirms the following:
- The VPN tunnel is established on the headquarters office firewall.
- While inside the office, developers report that they cannot connect to the development network resources.
- While outside the office on a client VPN, developers report that they can connect to the development network resources.
- The office and the client VPN have different IP subnet ranges.
- The firewall flow logs show that traffic is reaching the development network from the office.
Which of the following is the next step the network administrator should take to troubleshoot the VPN tunnel?
Answer options
- A. Review the development network routing table.
- B. Change the ciphers on the site-to-site VPN.
- C. Restart the site-to-site VPN tunnel.
- D. Check the ACLs on the development workloads.
Correct answer: A
Explanation
The correct answer is A because checking the routing table can help identify misconfigurations that prevent traffic from the headquarters office from properly reaching the development network. The tunnel is established and the flow logs show office traffic arriving, while the client VPN, which uses a different subnet, works; this points to how the office subnet is routed on the development network. The other options do not address the root cause of the connectivity issue: changing ciphers, restarting the tunnel, or checking ACLs may not resolve the routing problem indicated by the scenario.