CompTIA CASP+ (CAS-004) — Question 545

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.
• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.
• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Answer options

• A. Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider.
• B. Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
• C. Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.
• D. Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Correct answer: B

Explanation

Option B is correct because it ensures redundancy from different vendors, making it resilient to vulnerabilities, and utilizes playbooks for automated event-driven responses. Option A lacks sufficient redundancy and doesn't address the zero-day vulnerability adequately. Option C relies on a single vendor, which could lead to compatibility issues during a zero-day attack, while Option D does not meet the requirement for diverse vendor solutions and automated transitions.