CompTIA CASP+ (CAS-002) — Question 3

Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

Answer options

• A. Company A must install an SSL tunneling software on the financial system.
• B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
• C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
• D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.

Correct answer: A

Explanation

Installing SSL tunneling software on Company A's financial system will enable encrypted communication directly to Company B's API, thus providing end-to-end encryption as required. The other options either do not provide the necessary encryption for the data in transit (like using a browser or MPLS circuit) or do not facilitate a direct connection as per Company A's policy (like creating an IPSec VPN).