CompTIA Security+ (SY0-701) — Question 167

The CIRT is reviewing an incident that involved a human resources recruiter exfiltrating sensitive company data. The CIRT found that the recruiter was able to use HTTP over port 53 to upload documents to a web server. Which of the following security infrastructure devices could have identified and blocked this activity?

Answer options

Correct answer: B

Explanation

The correct answer is B. A Next-Generation Firewall (NGFW) with application inspection analyzes traffic at the application layer rather than relying on the port number alone, so it can recognize and block unauthorized HTTP traffic on an unusual port such as 53, which is normally used for DNS. Option A, a WAF utilizing SSL decryption, focuses on web application security and may not address the port issue. Option C, a UTM utilizing a threat feed, may provide general threat detection but lacks specific application controls. Option D, SD-WAN utilizing IPSec, primarily concerns secure connectivity rather than traffic inspection.