CAS-003 · Question #623
CAS-003 Question #623: Real Exam Question with Answer & Explanation
The correct answer is A: Block outbound SSL traffic to prevent data exfiltration.
Question
Exhibit
Options
- A. Block outbound SSL traffic to prevent data exfiltration.
- B. Confirm the use of the CDN by monitoring NetFlow data.
- C. Further investigate the traffic using a sanctioned MITM proxy.
- D. Implement an IPS to drop packets associated with the CDN.
Explanation
The corporate policy mandates that all Internet traffic must be business-related. The analysis reveals the connection is dominated by SSL traffic resolving to CDNs - which commonly serve personal content such as streaming media, social platforms, and consumer software. Since the content inside SSL tunnels cannot be inspected without a proxy, and the policy requires all traffic to be business-related, blocking outbound SSL to non-business CDNs (A) directly enforces the policy and frees saturated bandwidth. Option B (NetFlow monitoring) only confirms CDN use without enforcing the policy. Option C (MITM proxy) would allow content inspection, but the question asks what recommendation meets the stated corporate requirement immediately. Option D (IPS dropping CDN packets) is less targeted and would affect legitimate business CDN usage.
