An organization routes all of its traffic through a VPN. Most users are remote and connect into a corporate datacenter that houses confidential information. There is a firewall at the Internet border, followed by a DLP appliance, the VPN server, and the datacenter itself. Which of the following is the WEAKEST design element? 

Answer options:

A. The DLP appliance should be integrated into a NGFW
B. Split-tunnel connections can negatively impact the DLP appliance`s performance
C. Encrypted VPN traffic will not be inspected when entering or leaving the network
D. Adding two hops in the VPN tunnel may slow down remote connections

C