NSE 8 – Network Security Expert — Question 3

An administrator wants to assign static IP addresses to users connecting tunnel-mode SSL VPN. Each SSL VPN user must always get the same unique IP address which is never assigned to any other user.
Which solution accomplishes this task?

Answer options

• A. TACACS+ authentication with an attribute-value (AV) pair containing each user’s IP address.
• B. RADIUS authentication with each user’s IP address stored in a Vendor Specific Attribute (VSA).
• C. LDAP authentication with an LDAP attribute containing each user’s IP address.
• D. FSSO authentication with an LDAP attribute containing each user’s IP address.

Correct answer: D

Explanation

The correct answer is D because FSSO (Flexible Single Sign-On) combined with LDAP allows for the assignment of static IP addresses based on LDAP attributes, ensuring that each user receives a consistent IP address. Options A, B, and C do not provide the same mechanism for guaranteeing unique IP addresses for each SSL VPN user, making them unsuitable for this specific requirement.