CompTIA CASP+ (CAS-003) — Question 127
A company's security policy states that any remote connections must be validated using two forms of network-based authentication. It also states that local administrative accounts should not be used for any remote access. PKI is not currently configured within the network. RSA tokens have been provided to all employees, as well as a mobile application that can be used for 2FA. A new NGFW has been installed within the network to provide security for external connections, and the company has decided to use it for VPN connections as well. Which of the following should be configured? (Choose two.)
Answer options
- A. Certificate-based authentication
- B. TACACS+
- C. 802.1X
- D. RADIUS
- E. LDAP
- F. Local user database
Correct answer: D, E
Explanation
The correct answers are D and E: RADIUS and LDAP both offer network-based authentication methods that can support two-factor authentication and are compatible with the existing infrastructure. Certificate-based authentication (A) requires PKI to be established, which is currently not configured. TACACS+ (B), 802.1X (C), and the local user database (F) do not meet the requirement for two forms of authentication specified in the security policy.