which of the following is not a factor a secure vpn design should address?