CompTIA CASP+ (CAS-004) — Question 639

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:
✑ Only users with corporate-owned devices can directly access servers hosted by the cloud provider.
✑ The company can control what SaaS applications each individual user can access.
✑ User browser activity can be monitored.
Which of the following solutions would BEST meet these requirements?

Answer options

• A. IAM gateway, MDM, and reverse proxy
• B. VPN, CASB, and secure web gateway
• C. SSL tunnel, DLP, and host-based firewall
• D. API gateway, UEM, and forward proxy

Correct answer: B

Explanation

Option B is the best choice because a VPN provides secure remote access for corporate devices, CASB allows control over SaaS applications, and a secure web gateway facilitates monitoring of user browsing activity. The other options do not collectively support all three requirements as effectively as option B does.