CAS-004 Exam - Question 162


A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

✑ Enforce MFA for RDP.

✑ Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.

Which of the following should the security architect recommend to meet these requirements?

Correct Answer: C

To meet the requirements of enforcing MFA for RDP and ensuring that RDP connections are only allowed with secure ciphers without restricting connections by network-level firewalls or ACLs, the best approach would be to implement a remote desktop gateway server. This server can enforce the use of secure ciphers for RDP connections and can also be configured to use OTP (One-Time Password), which fulfills the MFA requirement. Other options, such as reverse proxy, bastion host, or GPO, either do not adequately address both requirements or involve additional constraints like restricting access to VPN users.

Discussion

4 comments
Mr_BuCk3th34D Option: C
Dec 27, 2022

A remote desktop gateway server is a secure network-based connection point that allows authorized users to connect to remote computers using RDP over the internet. By implementing a remote desktop gateway server, the security architect can enforce MFA for RDP connections and ensure that only secure ciphers are allowed. Additionally, by configuring the remote desktop gateway server to use OTP, the security architect can add an additional layer of security to the RDP connections. Implementing a reverse proxy for remote desktop with a secure cipher configuration enforced (option A) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a bastion host with a secure cipher configuration enforced (option B) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a GPO (Group Policy Object) that enforces TLS cipher suites and limits remote desktop access to only VPN users (option D) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA.

FOURDUE Option: C
Feb 9, 2023

Agree.

BiteSize Option: C
Jul 19, 2023

Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Zulunation
Aug 27, 2023

When do you take your exam?

e020fdc
Feb 13, 2024

And did you pass? I've enjoyed your comments. Straightforward and sometimes funny.

Test1269
Feb 16, 2024

He said he did in one of the original comments from the first few questions.

23169fd Option: C
Jul 13, 2024

Enforcing MFA for RDP: RD Gateway can be configured to use OTP or other MFA mechanisms. Ensuring secure ciphers: RD Gateway can enforce the use of secure ciphers for RDP connections.