CompTIA CASP+ Practice Test

Which solution is MOST likely to limit non-web related traffic on a corporate intranet server?

• A. Implement a network switch
• B. Install a host firewall and WAF
• C. Change the server's IP address frequently
• D. Set up VPN access for all employees

The correct answer is: Install a host firewall and WAF

Installing a host firewall and a Web Application Firewall (WAF) is the most effective solution for limiting non-web related traffic on a corporate intranet server. A host firewall operates at the operating system level and can be configured to allow or block traffic based on specific rules. This enables the organization to control which types of traffic are permitted and ensures that only necessary traffic reaches the server. Meanwhile, a WAF specifically filters and monitors HTTP traffic to and from a web application, providing an additional layer of security against web-based threats such as SQL injection and cross-site scripting. By utilizing both a host firewall and a WAF, an organization can effectively manage and restrict traffic, allowing only web-related protocols and requests while blocking non-essential traffic. Utilizing a network switch simply directs traffic at the data link layer without filtering capabilities, which does not allow for traffic limitation based on type. Changing the server's IP address frequently may create confusion and lead to connectivity issues, but it does not inherently limit traffic types. Setting up VPN access for all employees secures remote connections but does not manage or filter traffic within the corporate intranet. Thus, the combination of a host firewall and a WAF stands out as the most comprehensive solution for this scenario.