CompTIA CASP+ (CAS-004) — Question 137

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Answer options

• A. X-Forwarded-Proto
• B. X-Forwarded-For
• C. Cache-Control
• D. Strict-Transport-Security
• E. Content-Security-Policy

Correct answer: B

Explanation

The correct answer is B, X-Forwarded-For, as it is specifically designed to carry the original client's IP address through proxy servers. The other options, such as Cache-Control and Content-Security-Policy, serve different purposes related to caching and content security but do not provide information about the client's IP address.