A technician is tasked with securing a legacy web application that only supports HTTP, not HTTPS. The application is critical for internal operations but must be accessible remotely. What is the best way to secure the traffic without modifying the application?
A VPN encrypts all traffic between the remote user and the network, securing the legacy HTTP traffic without changing the app.
Why this answer
Option B is correct because a VPN creates an encrypted tunnel between the remote user and the internal network, securing all HTTP traffic without any modification to the legacy application. Since the application only supports HTTP, it cannot serve HTTPS natively, and a VPN provides transport-layer encryption (e.g., IPsec or TLS-based VPN) that protects data in transit over untrusted networks.
How to eliminate wrong answers
Option A is wrong because installing a self-signed SSL certificate on the server does not enable HTTPS; the application itself must support HTTPS to use the certificate, and a legacy HTTP-only application cannot serve HTTPS without code changes. Option C is wrong because HSTS is an HTTP response header that enforces HTTPS connections from browsers, but it requires the server to already support HTTPS, which this legacy application does not. Option D is wrong because configuring the browser to use a proxy server only redirects traffic through an intermediary; it does not encrypt the traffic between the client and the proxy, leaving the HTTP data exposed on the network.