SY0-701 Question #592: Real Exam Question with Answer & Explanation

Question

An organization wants to implement a secure solution for remote users. The users handle sensitive PHI on a regular basis and need to access an internally developed corporate application. Which of the following best meet the organization's security requirements? (Choose two.)

Options

• ALocal administrative password
• BPerimeter network
• CJump server
• DWAF
• EMFA
• FVPN

Explanation

MFA (E) and VPN (F) directly address the two core requirements: who is accessing the system and how they connect. A VPN creates an encrypted tunnel so remote users can securely reach the internal application over untrusted networks, which is essential for PHI in transit. MFA adds a critical identity verification layer, ensuring that even stolen credentials can't grant unauthorized access - a regulatory expectation under HIPAA for PHI systems.

Why the distractors fail:

• A (Local admin password): Elevates local privileges on a device, doesn't secure remote access or protect PHI in transit.
• B (Perimeter network / DMZ): A network architecture concept for isolating public-facing services, not a remote access control mechanism.
• C (Jump server): Useful for privileged admin access to internal systems, but adds complexity without being the best general-purpose remote user solution - and alone doesn't encrypt traffic or verify identity strongly.
• D (WAF): Protects web applications from attacks like SQL injection/XSS, but doesn't authenticate remote users or encrypt their connection.

Memory tip: Think "Who + How" - MFA answers who (verified identity), VPN answers how (secure tunnel). Any time a question involves remote users + sensitive data (especially PHI/PII), this pairing is almost always the right answer.

No community discussion yet for this question.