CompTIA CASP+ (CAS-004) — Question 277

A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed, and the following capabilities are desired:

• Terminate SSL connections at a central location
• Manage both authentication and authorization for incoming and outgoing web service calls
• Advertise the web service API
• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

Answer options

• A. WAF
• B. XML gateway
• C. ESB gateway
• D. API gateway

Correct answer: D

Explanation

The API gateway is the most suitable option as it can effectively manage SSL termination, control authentication and authorization for web services, promote APIs, and incorporate DLP and anti-malware solutions. A WAF primarily focuses on protecting web applications from attacks, while an XML gateway and ESB gateway do not provide the comprehensive set of features required for this scenario.