Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?
Correct Answer: B
Comprehensive and Detailed Explanation: This scenario describes an enterprise VPN setup that requires machine authentication before a user logs in. The best explanation for this requirement is that the VPN client selects the appropriate certificate automatically based on the key extension in the machine certificate. * Understanding the Key Extension Requirement: * PKI (Public Key Infrastructure) issues machine certificates that include specific key usages such as Client Authentication or IPSec IKE Intermediate. * Key usage extensions define how a certificate can be used, ensuring that only valid certificates are selected by the VPN client. * Why Option B is Correct: * The VPN automatically selects the correct machine certificate with the appropriate key extension. * The process occurs without user intervention, ensuring seamless VPN authentication before login. * Why Other Options Are Incorrect: * A (MFA requirement): Certificates used in this scenario are for machine authentication, not user MFA. MFA typically involves user credentials plus a second factor (like OTPs or biometrics), which is not applicable here. * C (Wi-Fi connectivity before login): This refers to pre-logon networking, which is a separate concept where devices authenticate to a Wi-Fi network before login, usually via 802.1X EAP- TLS. However, this question specifically mentions VPN authentication, not Wi-Fi authentication. * D (SSL VPN with certificates): While SSL VPNs do use certificates, this scenario involves machine certificates issued by an internal PKI, which are commonly used in IPSec VPNs, not SSL VPNs.