CompTIA Network+ (N10-007) — Question 534
A company has multiple site-to-site VPN connections using a pre-shared key. The Chief Information Security Officer (CISO) is concerned about the long-term security of the tunnels and has asked the network technicians to develop a plan to ensure the best security of the tunnels. Which of the following should the network technicians implement?
Answer options
- A. Purchase dedicated MPLS circuits between each of the sites.
- B. Request a change of IP addresses from the ISP semiannually.
- C. Perform annual key rotations on the site-to-site VPNs.
- D. Terminate tunnels when they are not actively being used.
Correct answer: C
Explanation
The correct answer is C because performing annual key rotations helps to maintain the confidentiality and integrity of the VPN connections: a pre-shared key that has been compromised is replaced on a regular schedule rather than remaining in use indefinitely. Options A and B do not directly enhance the security of the VPN tunnels, while D may disrupt legitimate traffic and does not address the underlying issue of key management.