CompTIA SecurityX (CAS-005) — Question 228
A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:
• www.mycompany.org
• www.mycompany.com
• campus.mycompany.com
• wiki.mycompany.org
The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the best solution?
Answer options
- A. Purchase one SAN certificate.
- B. Implement self-signed certificates.
- C. Purchase one certificate for each website.
- D. Purchase one wildcard certificate.
Correct answer: A
Explanation
The correct answer is A, as a SAN (Subject Alternative Name) certificate allows multiple domains to be secured under one certificate, thus reducing costs for the organization. Option B is not ideal for production environments since self-signed certificates do not provide trusted security. Option C would lead to higher costs as it requires separate certificates for each site, and option D, while cheaper than individual certificates, would not provide the same level of specificity for different subdomains.