The correct answer is A. Implement a virtual private network (VPN). CompTIA DataSys+ emphasizes secure remote access as a critical requirement for modern database environments, especially when users need to connect from untrusted networks such as home internet connections. A VPN provides a secure, encrypted tunnel between the user’s device and the organization’s internal network, allowing remote users to access database resources as if they were physically on-site.
By using strong encryption and authentication mechanisms, a VPN ensures that data transmitted over public networks cannot be intercepted, read, or altered by unauthorized parties. DataSys+ highlights VPNs as a best practice for protecting data-in-transit and preventing exposure of sensitive database services directly to the internet. VPNs also allow administrators to enforce centralized access controls, logging, and monitoring, further strengthening security.
Option B, implementing strong password policies, is an important security measure but does not by itself enable secure remote connectivity. Password policies address authentication strength, not secure network transport. Option C, configuring and deploying a firewall, is essential for controlling traffic flow, but a firewall alone does not provide secure remote access for home users. It typically blocks or allows connections rather than securely tunneling them. Option D, implementing a perimeter network (DMZ), is designed to host internet-facing services while isolating internal systems. Exposing databases through a perimeter network increases risk and is not recommended for direct user access to internal data.
CompTIA DataSys+ stresses the principle of minimizing attack surface. A VPN supports this principle by avoiding direct exposure of database services while still enabling authorized remote access. It also integrates well with multifactor authentication and identity management systems.
Therefore, the most secure and appropriate method to enable remote access without compromising stored data is to implement a virtual private network, making option A the correct and fully verified answer.
