Exam CAS-004 topic 1 question 162 discussion

A remote desktop gateway server is a secure network-based connection point that allows authorized users to connect to remote computers using RDP over the internet. By implementing a remote desktop gateway server, the security architect can enforce MFA for RDP connections and ensure that only secure ciphers are allowed. Additionally, by configuring the remote desktop gateway server to use OTP, the security architect can add an additional layer of security to the RDP connections. Implementing a reverse proxy for remote desktop with a secure cipher configuration enforced (option A) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a bastion host with a secure cipher configuration enforced (option B) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA. Implementing a GPO (Group Policy Object) that enforces TLS cipher suites and limits remote desktop access to only VPN users (option D) may improve the security of the RDP connections, but it does not specifically address the requirement to enforce MFA.

Enforcing MFA for RDP: RD Gateway can be configured to use OTP or other MFA mechanisms. Ensuring secure ciphers: RD Gateway can enforce the use of secure ciphers for RDP connections.

Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

agree.