CompTIA SecurityX (CAS-005) — Question 311
A security architect is onboarding a new EDR agent on servers that traditionally do not have internet access. In order for the agent to receive updates and report back to the management console, some changes must be made. Which of the following should the architect do to best accomplish this requirement? (Choose two.)
Answer options
- A. Create a firewall rule to only allow traffic from the subnet to the internet via a proxy.
- B. Configure a proxy policy that blocks all traffic on port 443.
- C. Configure a proxy policy that allows only fully qualified domain names needed to communicate to a portal
- D. Create a firewall rule to only allow traffic from the subnet to the internet via port 443.
- E. Create a firewall rule to only allow traffic from the subnet to the internet to fully qualified names that are not identified as malicious by the firewall vendor.
- F. Configure a proxy policy that blocks only lists of known-bad fully qualified domain names.
Correct answer: A, C
Explanation
The correct answers are A and C. A firewall rule that allows traffic from the subnet to the internet only via a proxy (A) gives the EDR agent a path to the services it needs, and a proxy policy that allows only the specific fully qualified domain names required (C) lets the agent reach the update portal while maintaining security. The other options either block necessary traffic or do not provide the required level of access for the EDR agent to function effectively.