CompTIA CNX-001 Exam - Topic 1 Question 10 Discussion

Actual exam question for CompTIA's CNX-001 exam

Question #: 10
Topic #: 1

A network architect must ensure only certain departments can access specific resources while on premises. Those same users cannot be allowed to access those resources once they have left campus. Which of the following would ensure access is provided according to these requirements?

AEnabling MFA for only those users within the departments needing access

BConfiguring geofencing with the IPs of the resources

CConfiguring UEBA to monitor all access to those resources during non-business hours

DImplementing a PKI-based authentication system to ensure access

Show Suggested Answer

Suggested Answer: B

By defining an IP-based geofence around the on-premises network addresses where those resources reside, you ensure that only users connecting from inside the campus IP ranges can reach them. As soon as the same users leave that network (and thus fall outside the geofenced IP block), access is automatically denied.

by Chana at Aug 15, 2025, 11:47 AM

Limited Time Offer

25%

Off

Get Premium CNX-001 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Rima

2 months ago

UEBA could help, but it doesn't prevent access, right?

upvoted 0 times

...

Juan

2 months ago

PKI sounds complicated for just access control.

upvoted 0 times

...

Lashawnda

2 months ago

Wait, can geofencing really block access off-campus?

upvoted 0 times

...

Kimberlie

2 months ago

I think MFA alone isn't enough for this scenario.

upvoted 0 times

...

Katlyn

2 months ago

Geofencing is a solid choice for this!

upvoted 0 times

...

Rodrigo

3 months ago

Implementing a PKI system seems like a solid option, but I wonder if it directly addresses the location-based access requirement.

upvoted 0 times

...

Wynell

3 months ago

UEBA sounds interesting, but I’m not sure if monitoring access during non-business hours would actually prevent off-campus access.

upvoted 0 times

...

Zoila

4 months ago

I remember practicing a question about access control, and I think MFA alone wouldn’t prevent access off-campus, so it might not be A.

upvoted 0 times

...

Deonna

4 months ago

I think geofencing could be the right answer since it restricts access based on location, but I'm not completely sure how it would work with IPs.

upvoted 0 times

...

Corazon

4 months ago

I think option B with geofencing is the most straightforward solution here. It would allow the network architect to specifically control access based on the user's location, which is exactly what the question is asking for. I feel confident that this is the best approach for this scenario.

upvoted 0 times

...

Corrinne

4 months ago

Option C with UEBA monitoring during non-business hours seems like a good way to detect any suspicious activity, but I'm not sure if that fully addresses the requirement of restricting access to only on-premises users. I'll have to weigh the pros and cons of each choice.

upvoted 0 times

...

Marylyn

4 months ago

Hmm, this is a tricky one. I'm leaning towards option D with a PKI-based authentication system, as that would provide a more secure and granular way to control access. But I'll need to review the details of each option again.

upvoted 0 times

...

Leslie

5 months ago

I'm a bit unsure about this one. Option A with MFA could work, but it might be too broad and not specific enough to the departments that need access. I'll have to think this through carefully.

upvoted 0 times

...

Tiera

5 months ago

This seems like a straightforward access control question. I think option B, configuring geofencing with the IPs of the resources, would be the best approach to ensure users can only access the resources while on premises.

upvoted 0 times

...