Examice

Exam CAS-004 All QuestionsBrowse all questions from this exam

Question 28

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

✑ Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

✑ The company can control what SaaS applications each individual user can access.

✑ User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

IAM gateway, MDM, and reverse proxy

VPN, CASB, and secure web gateway

SSL tunnel, DLP, and host-based firewall

API gateway, UEM, and forward proxy

Correct Answer: B

The best solution for meeting the requirements is the combination of VPN, CASB, and secure web gateway. A VPN (Virtual Private Network) ensures that only corporate-owned devices can directly access servers hosted by the cloud provider. A CASB (Cloud Access Security Broker) allows the company to control which SaaS applications each individual user can access. A secure web gateway will be able to monitor user browser activity effectively, acting as an intermediary to inspect and log web interactions.

Discussion

romero318Option: B

So The reason I would say B is because of the first item. corporate-owned devices accessing servers directly is usually done with a VPN. This is the key factor in this question and it is the only answer with VPN. Also CASB helps a company control what cloud applications can be seen to what users.

BiteSizeOption: B

The big what if is the interpretation of "corporate-owned devices" "accessing servers" Are the devices phones? Then it would be A., leveraging a Microsoft environment of Intune, AAD, and Sentinel. Since it doesn't say mobile I would say that with a lack of descriptors then we have to interpret that it is traditional and the answer would be B. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

margomi86Option: B

B. VPN, CASB, and secure web gateway would be the best solution to meet the requirements. A VPN (Virtual Private Network) can restrict access to corporate-owned devices only, which would satisfy the first requirement. A CASB (Cloud Access Security Broker) would allow the company to control which SaaS applications individual users can access, fulfilling the second requirement.

david124Option: B

B. VPN, CASB, and secure web gateway would BEST meet the requirements. A VPN would ensure that only corporate-owned devices can directly access the cloud-based infrastructure. A Cloud Access Security Broker (CASB) can control the access of individual users to SaaS applications, fulfilling the second requirement. A secure web gateway can monitor user browser activity, satisfying the final requirement. The secure web gateway acts as a security layer between the users and the internet, allowing for the monitoring and controlling of web traffic and ensuring that only authorized web resources are accessible.

dangerelchuloOption: B

Not sure how VPN plays a role but CASB and secure gateway seems a fit for 2 out of the 3 they need

loganharris

VPNs can be used to ensure only corporate devices connect

imatherOption: B

Only corporate owned devices - VPN can fulfill this, especially if it is hardware-based or requires an agent installed on the asset Control SaaS application access - CASB governs cloud usage across devices and cloud applications and so can control access User browser activity monitored - this can be accomplished both through a VPN and a secure web gateway. "secure web gateways provide advanced network protection by inspecting web requests against company policy"

BroesweeliesOption: A

MDM is the only viable solution for cloud based server access

Cosmic_robot

That makes no sense at all. Mobile Device Management (MDM) focuses on the control of mobile devices to ensure compliance with an organizationʼs security requirements. That came straight from the CompTIA CAS-004 book. VPN, CASB, and Secure web gateway are the best options. Go with B.

EZPASSOption: A

A is the correct answer.

Protocol0Option: A

I believe the answer they have is correct. If they infrastructure is entirely in the cloud as it says. All can be accomplished and IAM (Azure AD) MDM (Intune) and the reverse proxy to monitor their browser.

BiteSize

Completely agree but the big what if is the interpretation of "corporate-owned devices" "accessing servers" Are the devices phones? Then yes, yours works. Since it doesn't say mobile I would say that with a lack of descriptors then we have to interpret that it is traditional and the answer would be B.

23169fdOption: B

VPN: Ensures secure, device-based access control. CASB: Provides granular control over SaaS applications. Secure Web Gateway: Monitors and controls user browser activity.

Mr214Option: D

✑ Only users with corporate-owned devices can directly access servers hosted by the cloud provider. (UEM) ✑ The company can control what SaaS applications each individual user can access. (API Gateway) ✑ User browser activity can be monitored. (Forward Proxy)

lordguckOption: A

Only A addresses the issue of corp owned devices.