CompTIA CySA+ (CS0-002) — Question 90

A security engineer must deploy X 509 certificates to two web servers behind a load balancer. Each web server is configured identically. Which of the following should be done to ensure certificate name mismatch errors do not occur?

Answer options

• A. Create two certificates, each with the same fully qualified domain name, and associate each with the web servers’ real IP addresses on the load balancer.
• B. Create one certificate on the load balancer and associate the site with the web servers’ real IP addresses.
• C. Create two certificates, each with the same fully qualified domain name, and associate each with a corresponding web server behind the load balancer.
• D. Create one certificate and export it to each web server behind the load balancer.

Correct answer: D

Explanation

Option D is correct because creating one certificate and exporting it to each web server ensures that they all share the same certificate, avoiding any name mismatch errors. Options A and C create multiple certificates with the same domain name, which does not resolve the mismatch issue. Option B only addresses the load balancer and not the individual web servers, which can also lead to mismatches.