CompTIA Security+ (SY0-601) — Question 166

A security analyst is hardening a network infrastructure. The analyst is given the following requirements:

• Preserve the use of public IP addresses assigned to equipment on the core router.
• Enable "in transport" encryption protection to the web server with the strongest ciphers.

Which of the following should the analyst implement to meet these requirements? (Choose two.)

Answer options

• A. Configure VLANs on the core router.
• B. Configure NAT on the core router.
• C. Configure BGP on the core router.
• D. Enable AES encryption on the web server.
• E. Enable 3DES encryption on the web server.
• F. Enable TLSv2 encryption on the web server.

Correct answer: B, F

Explanation

The correct answers are B and F. Configuring NAT on the core router allows for the preservation of public IP addresses while managing internal traffic, and enabling TLSv2 provides robust 'in transport' encryption for web server communications. The other options do not meet the requirements of preserving public IPs or providing the strongest encryption.