CompTIA Security+ (SY0-501) — Question 224

A security engineer wants to implement a site-to-site VPN that will require SSL certificates for mutual authentication. Which of the following should the engineer implement if the design requires client MAC address to be visible across the tunnel?

Answer options

• A. Tunnel mode IPSec
• B. Transport mode VPN IPSec
• C. L2TP
• D. SSL VPN

Correct answer: D

Explanation

The correct answer is SSL VPN because it supports the visibility of client MAC addresses over the tunnel. Other options, such as IPSec in tunnel or transport mode, do not provide this capability, and L2TP does not inherently support mutual authentication with SSL certificates.