ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CNX-001 All Questions

View all questions & answers for the CNX-001 exam
Go to Exam

Exam CNX-001 topic 1 question 41 discussion

Actual exam question from CompTIA's CNX-001
Question #: 41
Topic #: 1
[All CNX-001 Questions]

A customer asks a MSP to propose a ZTA design for its globally distributed remote workforce. Given the following requirements:
Authentication should be provided through the customer's SAML identity provider.
Access should not be allowed from countries where the business does not operate.
Secondary authentication should be added to the workflow to allow for passkeys.
Changes to the user's device posture and hygiene should require reauthentication into the network.
Access to the network should only be allowed to originate from corporate-owned devices.
Which of the following solutions should the MSP recommend to meet the requirements?

  • A. Enforce certificate-based authentication.
    Permit unauthenticated remote connectivity only from corporate IP addresses.
    Enable geofencing.
    Use cookie-based session tokens that do not expire for remembering user log-ins.
    Increase RADIUS server timeouts.
  • B. Enforce posture assessment only during the initial network log-on.
    Implement RADIUS for SSO.
    Restrict access from all non-U.S. IP addresses.
    Configure a BYOD access policy.
    Disable auditing for remote access.
  • C. Chain the existing identity provider to a new SAML.
    Require the use of time-based one-time passcode hardware tokens.
    Enable debug logging on the VPN clients by default.
    Disconnect users from the network only if their IP address changes.
  • D. Configure geolocation settings to block certain IP addresses.
    Enforce MFA.
    Federate the solution via SSO.
    Enable continuous access policies on the WireGuard tunnel.
    Create a trusted endpoints policy.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by SuntzuLegacy at May 19, 2025, 2:50 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SuntzuLegacy
1 month, 1 week ago
Selected Answer: D
Answer: D. Configure geolocation settings to block certain IP addresses. Enforce MFA. Federate the solution via SSO. Enable continuous access policies on the WireGuard tunnel. Create a trusted endpoints policy.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel