Your customer has a requirement to prevent certain apps from using an active VPN on a fully-managed device. Which one would be the recommended way to configure this?
Choose an answer
Tap an option to check your answer.
Correct answer: Add the applications that should go through the VPN to the allowlist.
Why this is the answer
The recommended approach is to add the applications that should use the VPN to an allowlist. This is known as "per-app VPN" or "split tunneling." By default, if no apps are specified, all traffic might go through the VPN. An allowlist ensures that only designated applications utilize the VPN connection, while all other applications bypass it. Assigning managed application configurations to a denylist is not a standard or efficient way to manage VPN usage at an app level. Blocking traffic on the local network is a network-level control and doesn't directly manage app-specific VPN usage on the device. Creating a work profile and routing all traffic through it would force all work profile apps through the VPN, not selectively prevent certain apps from using it.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed