Certified Information Systems Auditor (CISA) — Question 713

An e-commerce company wants to ensure customers can update payment information securely through their phones. On which servers should Transport Layer Security (TLS) certificates be installed?

Answer options

• A. Proxy servers
• B. Web servers
• C. Database servers
• D. Application servers

Correct answer: B

Explanation

TLS certificates should be installed on web servers because they handle the HTTPS connections that secure communications between the customer's device and the server. Proxy servers may forward requests but do not directly manage secure connections, while database and application servers do not typically handle these secure transactions with end-users.