9h • 🙋♂️ CISSP
CISSP Practice Question – Domain 4 (Communication & Network Security)
A global enterprise adopts a strict zero-trust network architecture. All workloads—on-prem, cloud, and containerized—must mutually authenticate before communicating.
To comply with regulatory requirements, the company must also maintain full packet-level visibility for threat analysis and incident response.
Which solution BEST satisfies all of these requirements simultaneously?
A. Deploy full end-to-end TLS between all workloads and rely on IDS/IPS to inspect only metadata and flow logs.
B. Use a TLS termination proxy at network choke points and decrypt all internal traffic for inspection before re-encrypting.
C. Implement mutual TLS within a service mesh that supports encrypted telemetry export and out-of-band traffic mirroring for deep packet inspection.
D. Use host-based agents to perform inline decryption on each workload and send decrypted payload streams to the central IDS via secure channels.
3
8 comments
CISSP Practice Question – Domain 4 (Communication & Network Security)
skool.com/cybersecurity-study-group
Share resources, get advice, and connect with peers studying cybersecurity. Join our CISSP study group and connect with fellow professionals today!
Leaderboard (30-day)
1
+45
2
+30
3
+30
4
+26
5
+15
Powered by