CompTIA CASP+ (CAS-003) — Question 310
An international e-commerce company has identified attack traffic originating from a whitelisted third party's IP address used to mask the third party's internal network. The security team needs to block the attack traffic without impacting the vendor's services. Which of the following is the BEST approach to identify the threat?
Answer options
- A. Ask the third-party vendor to block the attack traffic
- B. Configure the third party's proxy to begin sending X-Forwarded-For headers
- C. Configure the e-commerce company's IPS to inspect HTTP traffic
- D. Perform a vulnerability scan against the network perimeter and remediate any issues identified
Correct answer: B
Explanation
The best approach is B. Because the whitelisted address masks the third party's internal network, every request from the vendor appears to come from the same IP. Configuring the third party's proxy to send X-Forwarded-For headers allows the e-commerce company to see the original client IP addresses, which helps in identifying the source of the attack traffic. Option A is ineffective because it places the burden on the vendor without a clear resolution. Option C may help detect threats but does not specifically identify the source of the malicious traffic. Option D is preventative but does not address the immediate need to identify and block the current attack traffic.