従業員が個人のノートパソコンを使って機密性の高いデータにアクセスしていることが判明した後、システム管理者は会社のデータを保護する必要があります。この状況に対処するには、次のうちどの機能が最適でしょうか。
正解:D
The best solution is Conditional Access (D). Conditional access policies enforce access requirements based on contextual signals such as device compliance, user identity, location, or risk profile. In this case, the administrator can configure conditional access to ensure that only managed, corporate-approved devices are allowed to access confidential data. If an employee attempts to use a personal laptop, the access request will be blocked or redirected to a secure process (e.g., virtual desktop).
Option A (OCSP stapling) relates to certificate revocation checking and does not control device access. Option B (CASB) provides cloud access visibility and control but is broader and less precise than enforcing direct device-level conditional policies. Option C (SOAR) orchestrates responses but is not primarily designed for access enforcement. Option E (package monitoring) detects software changes but does not prevent unauthorized device usage.
Conditional access is a core principle in Zero Trust and modern IAM, making it the best solution for ensuring that sensitive data can only be accessed from trusted devices.