CompTIA Network+ (N10-008) — Question 623
An older web server on a screened subnet is serving unencrypted web traffic. The server is not capable of serving HTTPS traffic directly, but the firewall is capable of doing so. Which of the following should be done to encrypt all traffic coming into the web server from outside the network? (Choose two.)
Answer options
- A. A certificate should be installed on the server.
- B. Incoming port 80 traffic at the firewall should be forwarded to port 443 on the server.
- C. Incoming port 80 traffic at the firewall should be forwarded to port 80 on the server.
- D. Incoming port 443 traffic at the firewall should be forwarded to port 80 on the server.
- E. A certificate should be installed on the firewall.
- F. A proxy server should be installed on the screened subnet.
Correct answer: D, E
Explanation
The firewall should handle HTTPS on behalf of the server. Forwarding incoming port 443 traffic at the firewall to port 80 on the server (D) lets the firewall accept the HTTPS connection and send the decrypted HTTP traffic to the server. Installing a certificate on the firewall (E) is necessary for the firewall to establish that secure connection. Installing a certificate on the server (A) is unnecessary because the server cannot serve HTTPS, and forwarding port 80 traffic (B and C) does not help with encryption.