An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are:
Each lab must be on a separate network segment.
Labs must have access to the Internet, but not other lab networks.
Student devices must have network access, not simple access to hosts on the lab networks.
Students must have a private certificate installed before gaining access.
Servers must have a private certificate installed locally to provide assurance to the students.
All students must use the same VPN connection profile.
Which of the following components should be used to achieve the design in conjunction with directory services?
A. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment
B. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment
C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment
D. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment
Answer: C
Explanation:
IPSec VPN with mutual authentication meets the certificate requirements.
RADIUS can be used with the directory service for user authentication.
ACLs (access control lists) are the best solution for restricting access to network hosts.
Incorrect Answers:
A: This solution has no provision for restricting access to hosts on the lab networks.
B: This solution has no provision for restricting access to hosts on the lab networks.
D: This solution has no provision for restricting access to hosts on the lab networks.