nerdexam
CompTIA

CV0-003 · Question #458

Recent feedback from an employee engagement survey stated that users are frustrated with multiple logins to different SaaS providers, and the cloud engineering teams is directed to address this issue

The correct answer is D. Deploy SSO and enforce VPN access to the corporate domain.. SSO eliminates the multiple-login frustration by providing a single credential set across all SaaS providers, while VPN enforcement ensures all SaaS access originates from approved corporate IP addresses as required by the security policy.

Security

Question

Recent feedback from an employee engagement survey stated that users are frustrated with multiple logins to different SaaS providers, and the cloud engineering teams is directed to address this issue and implement a solution. The security policy states that users must access the SaaS from approved IP addresses. Which of the following is the BEST and most efficient solution to deploy?

Options

  • ADeploy an IPSec tunnel to each SaaS provider and enable biometric login.
  • BDeploy a smart card login and change passwords to each SaaS vendor every 30 days.
  • CDeploy a CASB solution and whitelist the approved SaaS applications.
  • DDeploy SSO and enforce VPN access to the corporate domain.

How the community answered

(18 responses)
  • A
    11% (2)
  • B
    6% (1)
  • D
    83% (15)

Why each option

SSO eliminates the multiple-login frustration by providing a single credential set across all SaaS providers, while VPN enforcement ensures all SaaS access originates from approved corporate IP addresses as required by the security policy.

ADeploy an IPSec tunnel to each SaaS provider and enable biometric login.

Deploying an IPSec tunnel to each individual SaaS provider is operationally complex and does not provide a unified login experience, so users still face multiple credential sets.

BDeploy a smart card login and change passwords to each SaaS vendor every 30 days.

Smart card login per vendor combined with 30-day password rotations increases credential management burden rather than reducing the number of separate logins users must complete.

CDeploy a CASB solution and whitelist the approved SaaS applications.

A CASB solution can govern and whitelist approved SaaS applications, but it does not provide single sign-on or inherently enforce that access originates only from approved IP addresses.

DDeploy SSO and enforce VPN access to the corporate domain.Correct

SSO (Single Sign-On) directly solves the employee complaint by federating identity across all SaaS providers so users authenticate once and gain access to all approved applications. Mandating VPN access routes every user session through the corporate network, guaranteeing that SaaS connections come from whitelisted corporate IP addresses and satisfying the stated security policy without requiring per-provider IP allowlisting.

Concept tested: SSO and VPN enforcement for SaaS access control

Source: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-single-sign-on

Topics

#SSO#VPN#SaaS access control#IP whitelisting

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice