An engineer wants to inspect traffic to a cluster of web servers in a cloud environment Which of the following solutions should the engineer implement? (Select two).
Correct Answer: B,C
A web application firewall (WAF) is a solution that inspects traffic to a cluster of web servers in a cloud environment and protects them from common web-based attacks, such as SQL injection, cross-site scripting, and denial-of-service1. A WAF can be deployed as a cloud service or as a virtual appliance in front of the web servers. A load balancer is a solution that distributes traffic among multiple web servers in a cloud environment and improves their performance, availability, and scalability2. A load balancer can also perform health checks on the web servers and route traffic only to the healthy ones. The other options are not relevant to this scenario. A CASB is a cloud access security broker, which is a solution that monitors and controls the use of cloud services by an organization's users3. A VPN is a virtual private network, which is a solution that creates a secure and encrypted connection between two networks or devices over the internet. TLS is Transport Layer Security, which is a protocol that provides encryption and authentication for data transmitted over a network. DAST is dynamic application security testing, which is a method of testing web applications for vulnerabilities by simulating attacks on them.
References: 1: https://www.imperva.com/learn/application-security/what-is-a-web-application-firewall-waf/
2: https://www.imperva.com/learn/application-security/load-balancing/
3: https://www.imperva.com/learn/application-security/cloud-access-security-broker-casb/
3: https://www.imperva.com/learn/application-security/vpn-virtual-private-network/
4: https://www.imperva.com/learn/application-security/transport-layer-security-tls/
5: https://www.imperva.com/learn/application-security/dynamic-application-security-testing-dast/
6: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/plan-for-traffic-ins
7: https://docs.microsoft.com/en-us/azure/private-link/inspect-traffic-with-azure-firewall
8: https://docs.microsoft.com/en-us/azure/architecture/example-scenario/gateway/application-gateway-before-azure