nerdexam
CompTIA

CV0-003 · Question #474

A large law firm is migrating all of its systems to the cloud to meet growing business needs. The firm wants to reduce IT staff while maintaining day-to-day operations, such as user provisioning, fold

The correct answer is B. Client-to-site VPN. A client-to-site VPN uses client certificates to cryptographically bind each connection to a specific user identity, providing the auditable, non-deniable proof required for user non-repudiation.

Security

Question

A large law firm is migrating all of its systems to the cloud to meet growing business needs. The firm wants to reduce IT staff while maintaining day-to-day operations, such as user provisioning, folder management, and permissions. Which of the following MUST the cloud provider and cloud customer implement to ensure user non-repudiation?

Options

  • AServer certificate
  • BClient-to-site VPN
  • CTwo-factor authentication
  • DSingle sign-on

How the community answered

(40 responses)
  • A
    10% (4)
  • B
    80% (32)
  • C
    8% (3)
  • D
    3% (1)

Why each option

A client-to-site VPN uses client certificates to cryptographically bind each connection to a specific user identity, providing the auditable, non-deniable proof required for user non-repudiation.

AServer certificate

A server certificate authenticates the server to the client, not the client to the server, so it establishes server identity but provides no mechanism to prove or bind user actions for non-repudiation.

BClient-to-site VPNCorrect

A client-to-site VPN requires each user to authenticate using a unique client certificate issued by a trusted authority, which cryptographically binds the connection to a specific verified identity. Because the private key is held exclusively by the user, they cannot plausibly deny having initiated the connection, satisfying the definition of non-repudiation and creating an auditable record of user activity within the cloud environment.

CTwo-factor authentication

Two-factor authentication strengthens identity verification at login but does not produce the cryptographic proof or signed audit trail that constitutes true non-repudiation of user actions.

DSingle sign-on

Single sign-on centralizes authentication across services for convenience but provides no cryptographic mechanism to prove that a specific user performed a specific action, which is the core requirement of non-repudiation.

Concept tested: User non-repudiation via client certificate VPN authentication

Topics

#non-repudiation#identity management#user provisioning#authentication

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice