CompTIA SecurityX (CAS-005) — Question 160

A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?

Answer options

• A. Block any connections from outside the business's network security boundary.
• B. Install machine certificates on corporate devices and perform checks against the clients.
• C. Configure device attestations and continuous authorization controls.
• D. Deploy application protection policies using a corporate, cloud-based MDM solution.

Correct answer: D

Explanation

The correct answer is D because deploying application protection policies through a corporate MDM solution allows for secure management of applications on corporate devices while also accommodating BYOD for other activities. Option A is incorrect as it would block all external access, which is not feasible for remote work. Option B does not provide the necessary management for BYOD use. Option C focuses on device security but lacks the application-level controls provided by an MDM solution.