Free ISC2 CC Certified in Cybersecurity Actual Exam Questions - Question 13 Discussion

No doubt it’s D here. Routers and firewalls just direct or filter traffic; they don’t create a secure tunnel. VLANs are for segmenting networks locally, not really built to handle untrusted external connections. VPNs are specifically designed to establish private, encrypted links over public or untrusted networks, which matches the question perfectly.

D imo, VPNs create a secure tunnel directly between two points on untrusted networks.

D imo, it’s the only option that actually builds a secure tunnel between two points over a public network. Routers and firewalls just handle or filter traffic; they don’t establish a dedicated link. VLANs are limited to internal network segmentation, so they don’t apply to untrusted networks. VPNs specifically create that encrypted path you need for safe online communication when the network itself can’t be trusted.

B imo, firewalls control and filter traffic but don’t create direct secure links themselves. They’re more about protection than enabling point-to-point communication like a VPN does.

It’s D because routers and firewalls manage traffic but don’t create private links. VLANs segment networks internally, so only VPN creates a secure tunnel over an untrusted network.

D. The question mentions point-to-point communication over an untrusted network, which really rules out just using a router or firewall by themselves since they don't create a direct secure link. VLANs are more about segmenting networks internally, not securing external connections. VPNs specifically set up encrypted tunnels between two endpoints, making them the most suitable for this scenario regardless of the type of underlying network. So even if encryption isn’t explicitly mentioned, the key is the secure, dedicated connection that only a VPN provides here.

D, since VPN is explicitly designed for secure point-to-point over untrusted networks.

D, only VPN guarantees secure point-to-point across untrusted networks.

Option D because it’s the only one that establishes a secure direct link over untrusted networks.

D. VPNs create a secure tunnel between two points over an untrusted network, which is exactly what’s needed here. Routers and firewalls don’t provide end-to-end encryption or secure direct links by themselves, and VLANs only work within a local network, not across untrusted networks. So even if encryption isn’t explicitly mentioned, the phrase “untrusted network” pretty much demands something like a VPN to keep communication private and safe.

D/C? VPN definitely handles secure point-to-point over untrusted networks by encrypting traffic, while VLANs just isolate segments within a trusted environment. So VPN fits better here.

I’d rule out A and B quickly since routers and firewalls don’t inherently create secure point-to-point links—they just manage or filter traffic. VLANs (C) segment networks but don’t provide secure communication over untrusted networks by themselves. VPNs (D) actually create encrypted tunnels, which fits the “point-to-point online communication over an untrusted network” requirement. Is it safe to assume the question expects built-in security, not just any connection?

The question focuses on secure direct links, so VPN (D) fits best here.

It’s D because a VPN creates a secure, encrypted tunnel directly between two endpoints, which is exactly what you need for communication over an untrusted network like the internet. Routers and firewalls don’t provide that level of secured point-to-point connection; they mainly control or filter traffic. VLANs just separate traffic within the same local network, so they’re not relevant here. VPNs are designed to protect data as it travels between two points, so they fit this scenario perfectly from a security standpoint.

D imo. Firewalls and routers play roles in filtering and directing traffic, but they don’t create a direct secure tunnel. VLANs segment networks locally but don’t handle communication over untrusted external networks. VPNs specifically encrypt the data between two endpoints, which is exactly what “point-to-point” and “untrusted network” imply here. Without a VPN, the communication could be exposed even if there’s a firewall or router in place. So it’s really about creating a private link over a public or unsafe network, which only VPNs do by design.

D vs A? Routers just direct traffic, they don’t secure it end-to-end like VPNs do. So for encrypted point-to-point over untrusted networks, VPN still fits best.

Option D seems right since VPNs are specifically designed to create secure tunnels between two points over the internet, which is inherently untrusted. Routers and firewalls manage traffic and security but don't establish that direct, encrypted link themselves. VLANs just segment networks internally, so they don’t really fit. The question asks about enabling communication over an untrusted network, and VPNs are built exactly for that purpose—protecting data between two endpoints.

Looks like D’s the one for secure point-to-point over untrusted networks. D