CompTIA Security+ (SY0-701) — Question 267

A security team is addressing a risk associated with the attack surface of the organization's web application over port 443. Currently, no advanced network security capabilities are in place. Which of the following would be best to set up? (Choose two.)

Answer options

• A. NIDS
• B. Honeypot
• C. Certificate revocation list
• D. HIPS
• E. WAF
• F. SIEM

Correct answer: A, E

Explanation

Implementing a Network Intrusion Detection System (NIDS) helps monitor and analyze network traffic for potential threats, while a Web Application Firewall (WAF) provides protection specifically for web applications against various attacks. The other options, such as Honeypots and HIPS, may not address the vulnerabilities of the web application as effectively, and the Certificate revocation list is more about managing certificates than directly securing the application.