Exam CAS-004
Question 162

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

✑ Enforce MFA for RDP.

✑ Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.

Which of the following should the security architect recommend to meet these requirements?

    Correct Answer: C

    To meet the requirements of enforcing MFA for RDP and ensuring that RDP connections are only allowed with secure ciphers without restricting connections by network-level firewalls or ACLs, the best approach would be to implement a remote desktop gateway server. This server can enforce the use of secure ciphers for RDP connections and can also be configured to use OTP (One-Time Password), which fulfills the MFA requirement. Other options, such as reverse proxy, bastion host, or GPO, either do not adequately address both requirements or involve additional constraints like restricting access to VPN users.

Discussion
Mr_BuCk3th34D (Option: C)

A remote desktop gateway server is a secure network-based connection point that allows authorized users to connect to remote computers using RDP over the internet. By implementing a remote desktop gateway server, the security architect can enforce MFA for RDP connections and ensure that only secure ciphers are allowed. Additionally, by configuring the remote desktop gateway server to use OTP, the security architect can add an additional layer of security to the RDP connections. Implementing a reverse proxy for remote desktop with a secure cipher configuration enforced (option A) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a bastion host with a secure cipher configuration enforced (option B) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a GPO (Group Policy Object) that enforces TLS cipher suites and limits remote desktop access to only VPN users (option D) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA.

23169fd (Option: C)

Enforcing MFA for RDP: RD Gateway can be configured to use OTP or other MFA mechanisms. Ensuring secure ciphers: RD Gateway can enforce the use of secure ciphers for RDP connections.

BiteSize (Option: C)

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Zulunation

When do you take your exam?

e020fdc

And did you pass? I've enjoyed your comments. Straightforward and sometimes funny.

Test1269

He said he did in one of the original comments from the first few questions.

FOURDUE (Option: C)

agree.