Free PBQ Demo · Advanced

Topology · Secure VPN Rollout

Stand up SSL-VPN for 200 hybrid workers — pick the right encryption, configure MFA + posture checks, scope file-server access, and open the right perimeter port.

Tests: Secure remote access, IPsec vs SSL-VPN trade-offs, split-tunnel risk, MFA + endpoint posture — Security+ Domain 3 / 4.

~10 minNo signup needed

Scenario

200 hybrid workers need secure access to the HR portal and a payroll file share from personal laptops. MFA, posture checks, and inspected tunnels are required by compliance.

Configure the VPN concentrator, the remote-endpoint client, the perimeter firewall and the internal resources so traffic is encrypted, authenticated, posture-checked and inspected.

Network Topology — Live View

monitoring
ISPWANencrypted tunnel10.0.20.0/24Remote Useremployee laptopInternet0.0.0.0/0Perimeter FWfw-edge-01VPN Concentratorvpn-conc-01Core Switchsw-core-01FS-PayrollHR file shareHR Portalweb app
InfectedAlertConfiguredclick any hostto configure

Remote User

employee laptop

Alert

Endpoint Hardening

Tasks

  • Configure the VPN concentrator with SSL-VPN, AES-256, MFA, and AD + RADIUS auth.
  • Open the matching VPN inbound port on the perimeter firewall + enable inspection.
  • Harden the remote laptop — always-on, posture check, no split-DNS.
  • Restrict the payroll file share to vpn_users only; enforce SSO on the HR portal.

0 settings configured

Liked this PBQ? There are 80+ more inside.

Sign up free to take full timed exams with mixed MCQs and all 6 PBQ types — across 10 CompTIA and Cisco certifications.