Exam CAS-004 topic 1 question 28 discussion

So The reason I would say B is because of the first item. corporate-owned devices accessing servers directly is usually done with a VPN. This is the key factor in this question and it is the only answer with VPN. Also CASB helps a company control what cloud applications can be seen to what users.

The big what if is the interpretation of "corporate-owned devices" "accessing servers" Are the devices phones? Then it would be A., leveraging a Microsoft environment of Intune, AAD, and Sentinel. Since it doesn't say mobile I would say that with a lack of descriptors then we have to interpret that it is traditional and the answer would be B. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

Why A is the Best Answer? ✔ IAM Gateway (Identity and Access Management) → Controls user authentication and ensures only corporate-owned devices can access cloud resources. ✔ MDM (Mobile Device Management) → Enforces device policies, restricting access to only approved, corporate-owned devices. ✔ Reverse Proxy → Intercepts web traffic before it reaches the SaaS applications, allowing monitoring and access control. 💡 This setup ensures secure authentication, device enforcement, and visibility into user activity.

VPN: Ensures secure, device-based access control. CASB: Provides granular control over SaaS applications. Secure Web Gateway: Monitors and controls user browser activity.

✑ Only users with corporate-owned devices can directly access servers hosted by the cloud provider. (UEM) ✑ The company can control what SaaS applications each individual user can access. (API Gateway) ✑ User browser activity can be monitored. (Forward Proxy)

Only corporate owned devices - VPN can fulfill this, especially if it is hardware-based or requires an agent installed on the asset Control SaaS application access - CASB governs cloud usage across devices and cloud applications and so can control access User browser activity monitored - this can be accomplished both through a VPN and a secure web gateway. "secure web gateways provide advanced network protection by inspecting web requests against company policy"

B. VPN, CASB, and secure web gateway would be the best solution to meet the requirements. A VPN (Virtual Private Network) can restrict access to corporate-owned devices only, which would satisfy the first requirement. A CASB (Cloud Access Security Broker) would allow the company to control which SaaS applications individual users can access, fulfilling the second requirement.

MDM is the only viable solution for cloud based server access

B. VPN, CASB, and secure web gateway would BEST meet the requirements. A VPN would ensure that only corporate-owned devices can directly access the cloud-based infrastructure. A Cloud Access Security Broker (CASB) can control the access of individual users to SaaS applications, fulfilling the second requirement. A secure web gateway can monitor user browser activity, satisfying the final requirement. The secure web gateway acts as a security layer between the users and the internet, allowing for the monitoring and controlling of web traffic and ensuring that only authorized web resources are accessible.

A is the correct answer.

Only A addresses the issue of corp owned devices.

I believe the answer they have is correct. If they infrastructure is entirely in the cloud as it says. All can be accomplished and IAM (Azure AD) MDM (Intune) and the reverse proxy to monitor their browser.

Not sure how VPN plays a role but CASB and secure gateway seems a fit for 2 out of the 3 they need