Question

A security analyst is evaluating solutions to deploy an additional layer of protection for a web application. The goal is to allow only encrypted communications without relying on network devices. Which of the following can be implemented?

1) HTTP security header
2) DNSSEC implementation
3) SRTP
4) S/MIME

Answer 1

The best solution for a security analyst to ensure encrypted web communication without network devices is to implement HTTP security headers, particularly the Strict-Transport-Security header, which enforces browser connections over HTTPS.

Step-by-step explanation:

The security analyst is looking for a method to ensure that communications with a web application are encrypted, without relying on network devices. Of the options listed, utilizing HTTP security headers can aid in enforcing secure communications by instructing the browser to prefer encrypted channels. Specifically, implementing the Strict-Transport-Security header can tell browsers to only use HTTPS, which ensures that data is encrypted during transit. DNSSEC and S/MIME are not directly related to web application traffic encryption in the context given, while SRTP is typically used for securing real-time transport protocol, usually in relation to VoIP or video conferencing, and is not applicable to web application traffic.