CompTIA Security+ (SY0-501) — Question 324

An organization wants to implement a method to correct risks at the system/application layer. Which of the following is the BEST method to accomplish this goal?

Answer options

• A. IDS/IPS
• B. IP tunneling
• C. Web application firewall
• D. Patch management

Correct answer: C

Explanation

The best method to address risks specifically at the system/application layer is a Web application firewall (WAF), as it is designed to protect web applications by filtering and monitoring HTTP traffic. In contrast, IDS/IPS primarily focus on network traffic monitoring and intrusion prevention, IP tunneling is related to secure data transport, and patch management involves updating software but does not directly mitigate risks in real-time.