CyberArk Defender – Access — Question 26

Your organization wants to limit access to the CyberArk Identity user portal to only corporate issued domain-joined laptops without the use of a VPN.
How can you achieve this?

Answer options

• A. Use the Windows Device Trust agent with certificate-based authentication.
• B. Use the Windows Cloud Agent and CyberArk Identity Connector with Integrated Windows Authentication (IWA).
• C. Define a range of internal corporate IP addresses and use them to restrict access.
• D. Use the CyberArk Conjur integration.

Correct answer: A

Explanation

The correct answer is A, as the Windows Device Trust agent with certificate-based authentication ensures that only registered, domain-joined devices can access the portal. Option B, while secure, does not specifically restrict access to only corporate devices without a VPN. Option C is not ideal because it relies on IP address restrictions, which can be less secure. Option D is unrelated to the specific requirement of limiting access to domain-joined laptops.