CompTIA SecurityX (CAS-005) — Question 162

A network engineer must ensure that always-on VPN access is enabled but restricted to company assets. Which of the following best describes what the engineer needs to do?

Answer options

• A. Generate device certificates using the specific template settings needed.
• B. Modify signing certificates in order to support IKE version 2.
• C. Create a wildcard certificate for connections from public networks.
• D. Add the VPN hostname as a SAN entry on the root certificate.

Correct answer: A

Explanation

The correct answer, A, involves generating device certificates which are essential for authenticating company assets for VPN access. Options B and C do not directly relate to restricting access to company devices, while option D involves adding a hostname to a certificate but does not ensure the needed device restrictions.