CompTIA CASP+ (CAS-004) — Question 90
A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.
Which of the following is the MOST likely cause?
Answer options
- A. The user agent client is not compatible with the WAF.
- B. A certificate on the WAF is expired.
- C. HTTP traffic is not forwarding to HTTPS to decrypt.
- D. Old, vulnerable cipher suites are still being used.
Correct answer: C
Explanation
The correct answer is C: if HTTP traffic is not redirected to HTTPS, the WAF cannot decrypt that traffic for inspection, so the WAF has no visibility of it. Options A and B do not directly affect the logging of traffic, and option D is a security concern but does not explain the lack of visibility in the logs.