CompTIA CySA+ (CS0-003) — Question 455

The DevSecOps team is remediating an SSRF issue on the company's public-facing website. Which of the following is the best mitigation technique to address this issue?

Answer options

• A. Place a WAF in front of the web server.
• B. Install a CASB in front of the web server
• C. Put a forward proxy in front of the web server.
• D. Implement MFA in front of the web server

Correct answer: A

Explanation

A Web Application Firewall (WAF) is specifically designed to filter and monitor HTTP traffic to and from a web application, effectively addressing SSRF vulnerabilities. The other options, such as CASB and forward proxy, do not directly mitigate SSRF issues, while MFA is focused on authentication rather than web traffic filtering.