CompTIA CASP+ (CAS-004) — Question 294

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

• www.mycompany.org
• www.mycompany.com
• campus.mycompany.com
• wiki.mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the best solution?

Answer options

• A. Purchase one SAN certificate.
• B. Implement self-signed certificates.
• C. Purchase one certificate for each website.
• D. Purchase one wildcard certificate.

Correct answer: A

Explanation

The correct answer is A, as a SAN (Subject Alternative Name) certificate allows multiple domains to be secured under one certificate, thus saving costs. Option B is not suitable for production environments due to trust issues, while C would be more expensive and inefficient. Option D, while also a valid choice, is less optimal in this scenario since a SAN certificate can cover all specified domains effectively.