CompTIA CASP+ (CAS-003) — Question 91

A company's chief cybersecurity architect wants to configure mutual authentication to access an internal payroll website. The architect has asked the administration team to determine the configuration that would provide the best defense against MITM attacks. Which of the following implementation approaches would BEST support the architect's goals?

Answer options

• A. Utilize a challenge-response prompt as required input at username/password entry.
• B. Implement TLS and require the client to use its own certificate during handshake.
• C. Configure a web application proxy and institute monitoring of HTTPS transactions.
• D. Install a reverse proxy in the corporate DMZ configured to decrypt TLS sessions.

Correct answer: B

Explanation

The correct answer is B because implementing TLS with client certificates ensures that both parties authenticate each other, which effectively mitigates MITM attacks. Option A does not provide mutual authentication, while C only monitors traffic without ensuring secure communication. Option D involves decrypting TLS, which can expose sensitive data if not properly secured.