ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization must let short-term contractors reach an internal web application remotely. They connect from hotel or guest Wi-Fi that permits only outbound TCP port 443. Policy requires mutual X.509 certificate authentication, and administrators want to avoid contractors installing extra network adapters or changing local firewalls. Which VPN approach best meets these constraints while following security best practices?
Implement an L2TP over IPsec remote-access VPN that installs a virtual network adapter and uses UDP ports 500, 1701, and 4500.
Configure an IPsec VPN in tunnel mode with IKEv2 and pre-shared keys, requiring UDP ports 500 and 4500 to be open.
Enable PPTP with MS-CHAPv2 authentication on the perimeter firewall so contractors can connect using native OS support.
Deploy a clientless SSL/TLS VPN that terminates on the DMZ gateway and uses X.509 client certificates for authentication.
A clientless SSL/TLS VPN tunnels application traffic over standard HTTPS (TCP 443), which almost all restrictive networks allow. Because it runs at the transport layer, it needs no additional virtual network adapters or kernel-mode drivers. SSL/TLS can enforce mutual authentication with X.509 client certificates, satisfying the policy. In contrast, IPsec (IKEv2) and L2TP over IPsec require UDP 500 and 4500 (plus UDP 1701 for L2TP) and typically install a VPN adapter; those ports are often blocked on hotel Wi-Fi. PPTP uses weak MS-CHAPv2 and GRE (IP protocol 47), making it both less secure and likely to be filtered. Therefore, the clientless SSL/TLS VPN is the most appropriate choice.
Cryptography