nerdexam
CompTIA

CV0-003 · Question #805

A cloud administrator receives an email stating the following: "Clients are receiving emails from our web application with non-encrypted links." Which of the following should be configured to redirect

The correct answer is C. Web server configuration. Configuring an HTTP-to-HTTPS redirect is a web server-level operation, typically done via server configuration files in Apache or Nginx, to ensure all traffic uses encrypted connections.

Security

Question

A cloud administrator receives an email stating the following:

"Clients are receiving emails from our web application with non-encrypted links." Which of the following should be configured to redirect the traffic to https://?

Options

  • AUser account access
  • BProgramming code
  • CWeb server configuration
  • DLoad balancer setting

How the community answered

(43 responses)
  • B
    2% (1)
  • C
    93% (40)
  • D
    5% (2)

Why each option

Configuring an HTTP-to-HTTPS redirect is a web server-level operation, typically done via server configuration files in Apache or Nginx, to ensure all traffic uses encrypted connections.

AUser account access

User account access controls manage authentication and authorization for users, and have no role in enforcing transport-layer encryption or URL scheme redirection.

BProgramming code

While application code could theoretically generate HTTPS links, modifying programming code is not the standard or reliable way to enforce protocol redirection across an entire web server.

CWeb server configurationCorrect

Web servers such as Apache and Nginx have built-in directives to issue 301 or 302 redirects from HTTP (port 80) to HTTPS (port 443). In Apache this is done with a Redirect or RewriteRule in the VirtualHost block, and in Nginx with a return 301 directive. This is the standard, centralized approach to enforcing HTTPS for all outgoing links and responses generated by the web application.

DLoad balancer setting

A load balancer can perform SSL termination and redirects, but the question context of fixing non-encrypted links in application emails points to a web server configuration issue rather than a load balancer setting.

Concept tested: Web server HTTP to HTTPS redirect configuration

Source: https://httpd.apache.org/docs/2.4/rewrite/remapping.html

Topics

#HTTPS redirect#web server configuration#SSL/TLS#traffic encryption

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice