Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

CompTIA CNX-001 Exam - Topic 3 Question 20 Discussion

A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:Authentication should be provided through the customer's SAML identity provider.Access should not be allowed from countries where the business does not operate.Secondary authentication should be added to the workflow to allow for passkeys.Changes to the user's device posture and hygiene should require reauthentication into the network.Access to the network should only be allowed to originate from corporate-owned devices.Which of the following solutions should the MSP recommend to meet the requirements?
D) Configure geolocation settings to block certain IP addresses. Enforce MFA. Federate the solution via SSO. Enable continuous access policies on the WireGuard tunnel. Create a trusted endpoints policy.
A) Enforce certificate-based authentication. Permit unauthenticated remote connectivity only from corporate IP addresses. Enable geofencing. Use cookie-based session tokens that do not expire for remembering user log-ins. Increase RADIUS server timeouts.
B) Enforce posture assessment only during the initial network log-on. Implement RADIUS for SSO. Restrict access from all non-U.S. IP addresses. Configure a BYOD access policy. Disable auditing for remote access.
C) Chain the existing identity provider to a new SAML. Require the use of time-based one-time passcode hardware tokens. Enable debug logging on the VPN clients by default. Disconnect users from the network only if their IP address changes.

CompTIA CNX-001 Exam - Topic 3 Question 20 Discussion

Actual exam question for CompTIA's CNX-001 exam
Question #: 20
Topic #: 3
[All CNX-001 Questions]

A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:

Authentication should be provided through the customer's SAML identity provider.

Access should not be allowed from countries where the business does not operate.

Secondary authentication should be added to the workflow to allow for passkeys.

Changes to the user's device posture and hygiene should require reauthentication into the network.

Access to the network should only be allowed to originate from corporate-owned devices.

Which of the following solutions should the MSP recommend to meet the requirements?

Show Suggested Answer Hide Answer
Suggested Answer: D

Federate the solution via SSO ensures authentication is handled by the customer's SAML identity provider.

Enforce MFA supports secondary authentication with passkeys.

Configure geolocation settings to block certain IP addresses prevents access from unauthorized countries.

Enable continuous access policies on the WireGuard tunnel forces re-authentication whenever device posture or hygiene changes.

Create a trusted endpoints policy restricts access to corporate-owned devices only.


Contribute your Thoughts:

0/2000 characters
Ashlyn
2 days ago
I feel like enforcing MFA is crucial for security, but I'm not clear if it's enough on its own without the right access policies.
upvoted 0 times
...
Erinn
7 days ago
I'm not entirely sure about the SAML integration part; I think we practiced a similar question but I can't recall the specifics.
upvoted 0 times
...
Lawanda
12 days ago
I remember we discussed the importance of geolocation settings in class, so option D seems like it could be a good fit.
upvoted 0 times
...

Save Cancel