CompTIA SecurityX (CAS-005) — Question 104

A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?

Answer options

• A. The certificate is an additional factor to meet regulatory MFA requirements for VPN access.
• B. The VPN client selected the certificate with the correct key usage without user interaction.
• C. The internal PKI certificate deployment allows for Wi-Fi connectivity before logging in to other systems.
• D. The server connection uses SSL VPN, which uses certificates for secure communication.

Correct answer: B

Explanation

The correct answer, B, indicates that the VPN client is capable of autonomously choosing the appropriate certificate based on its key usage, which is essential for establishing a secure connection without user involvement. Option A is incorrect because it refers to MFA requirements, which are not the focus here. Option C is also wrong as it discusses Wi-Fi connectivity, which is unrelated to the VPN connection requirement. Option D, while mentioning SSL VPN, does not specifically address the role of the certificate selection process.