CompTIA Security Plus Mock Test Q291

A security technician wishes to gather and analyze all Web traffic during a particular time period. Which of the following represents the BEST approach to gathering the required data?

A. Configure a VPN concentrator to log all traffic destined for ports 80 and 443.
B. Configure a proxy server to log all traffic destined for ports 80 and 443.
C. Configure a switch to log all traffic destined for ports 80 and 443.
D. Configure a NIDS to log all traffic destined for ports 80 and 443.


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
A proxy server is, in essence, a device that acts on behalf of others; in security terms, all internal user interaction with the Internet should be controlled through a proxy server. This makes a proxy server the best tool to gather the required data.

Incorrect Answers:
A: The VPN concentrator creates an encrypted tunnel session between hosts, and many use two-factor authentication for additional security. A proxy server would still be the best tool to gather the required information.
C: A switch can provide a monitoring port for troubleshooting and diagnostic purposes, in addition to the virtual circuit that it can create between systems in a network. This helps to reduce network traffic, but a proxy server would be a better tool to gather the required data.
D: A network-based IDS (NIDS) approach to IDS attaches the system to a point in the network where it can monitor and report on all network traffic. However, a proxy server would be the best tool to gather the required data.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 105, 111