Which of the following is the BEST way to address these issues and mitigate risks to the organization?

A company’s existing forward proxies support software-based TLS decryption, but are currently at 60% load just dealing with AV scanning and content analysis for HTTP traffic. More than 70% of outbound web traffic is currently encrypted. The switching and routing network infrastructure precludes adding capacity, preventing the installation of a dedicated TLS decryption system. The network firewall infrastructure is currently at 30% load and has software decryption modules that can be activated by purchasing additional license keys. An existing project is rolling out agent updates to end-user desktops as part of an endpoint security refresh.
Which of the following is the BEST way to address these issues and mitigate risks to the organization?
A. Purchase the SSL decryption license for the firewalls and route traffic back to the proxies for end-user categorization and malware analysis.
B. Roll out application whitelisting to end-user desktops and decommission the existing proxies, freeing up network ports.
C. Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term.
D. Accept the current risk and seek possible funding approval in the next budget cycle to replace the existing proxies with ones with more capacity.


4 thoughts on “Which of the following is the BEST way to address these issues and mitigate risks to the organization?”

  1. Why not: C. Use an EDP solution to address the malware issue and accept the diminishing role of the proxy for URL categorization in the short term?

    Why purchase an SSL licence? SSL is deprecated. An EDR (not EDP) solution would free up the forward proxies, and you use TLS instead of SSL.

      1. Answer is A. Purchase the SSL.

        I just took the CASP 3 exam and passed it on the 3rd attempt. Thank you to this board for the help. There are many new questions as of November 2020, but the questions are built on similar concepts. All the simulation questions are still there, with 2 new ones. One simulation is for Nmap; you need to identify the role of the server based on the Nmap scan… example: port 80, 443 on server 10.1.1.1. This is a web server. The other simulation includes CVSS vulnerability identification. If I had to start again, I would read the book, watch CASP videos and do practice exams. Good luck everyone.
