CompTIA CASP+ (CAS-003) — Question 98
A company's existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.
Which of the following is the BEST way to address these issues and mitigate risks to the organization?
Answer options
- A. Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.
- B. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.
- C. Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.
- D. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.
Correct answer: A
Explanation
Option A is correct because it allows the organization to utilize existing firewall capacity for TLS decryption, thus enabling effective traffic analysis without overloading the proxies. Option B is less effective as decommissioning the proxies could leave the organization vulnerable. Option C does not address the need for URL categorization and may increase risks. Option D postpones the solution and does not mitigate immediate risks.