A security analyst is hardening a web server, which should allow a secure certificate-based session using the organization’s PKI infrastructure. The web server should also utilize the latest security techniques and standards. Given this set of requirements, which of the following techniques should the analyst implement to BEST meet these requirements? (Select two.)
A. Install an X- 509-compliant certificate.
B. Implement a CRL using an authorized CA.
C. Enable and configure TLS on the server.
D. Install a certificate signed by a public CA.
E. Configure the web server to use a host header.
The question says ” to BEST meet these requirements”. A certificate signed by a public CA is more secure than merely installing an X-509-compliant certificate that can be self-signed or generated by an in-house CA. And a CRL is a definite requirement for BEST security. TLS will confine web traffic, but not harden the web server. Answer should be B and D.