CAS-003 · Question #697
CAS-003 Question #697: Real Exam Question with Answer & Explanation
Correct answer: A. Enforce the use of a VPN when using the newly developed application.
Question
Options
- A. Enforce the use of a VPN when using the newly developed application.
- B. Implement a geofencing solution that disables the application according to company
- C. Implement an out-of-band second factor to authenticate authorized users.
- D. Install the application in a secure container requiring additional authentication controls.
Explanation
To defend against interception-of-data (man-in-the-middle) attacks when the application does not implement certificate pinning, enforcing a VPN is the best compensating control among the options. A VPN establishes an encrypted, mutually authenticated tunnel between the device and the corporate network, so an attacker positioned on the path (for example on hostile Wi-Fi) sees only tunnel ciphertext and cannot read or tamper with the application's traffic. Certificate pinning would normally prevent TLS interception by accepting only a known server certificate or public key, rejecting any certificate an interception proxy presents even when that certificate chains to a CA the device trusts; VPN encryption compensates for its absence but does not replace it, since it only protects the segment inside the tunnel and offers nothing against a rogue certificate already trusted on the device. Geofencing (B) restricts where the application can be used but does nothing for data in transit. An out-of-band second factor (C) strengthens authentication, not the confidentiality or integrity of transmitted data. A secure container (D) isolates the application and its data on the device but does not address interception of its network traffic.
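To make the missing control concrete, the following is an added example, not code from the exam question or its explanation: it computes the SPKI-based pin that certificate pinning relies on (SHA-256 of the DER-encoded SubjectPublicKeyInfo, the format used by HPKP and OkHttp's CertificatePinner) and checks a presented certificate against a pin set. Because the example must run offline, it builds toy DER certificates with a minimal encoder instead of using real ones; the moduli, the empty issuer/subject/validity fields and the zeroed signature are constructed placeholders, and the `pinned_tls_connect` helper that applies the same check to a live TLS socket is an assumption about how an app would wire it in.

```python
import base64
import hashlib
import socket
import ssl

SEQUENCE, INTEGER, BIT_STRING, NULL, OID, CTX0 = 0x30, 0x02, 0x03, 0x05, 0x06, 0xA0
RSA_OID = bytes.fromhex("2A864886F70D010101")        # 1.2.840.113549.1.1.1 rsaEncryption
SHA256_RSA_OID = bytes.fromhex("2A864886F70D01010B")  # 1.2.840.113549.1.1.11 sha256WithRSA


def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with definite (short or long form) length."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def der_uint(n: int) -> bytes:
    """Encode a non-negative INTEGER (leading 0x00 if the high bit is set)."""
    b = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return der(INTEGER, (b"\x00" + b) if b[0] & 0x80 else b)


def der_read(buf: bytes, pos: int = 0):
    """Decode the TLV at pos; return (tag, content, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        nbytes = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big"), 2 + nbytes
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def toy_certificate(modulus: int) -> bytes:
    """Constructed placeholder X.509 cert: only the field layout matters here."""
    alg_id = der(SEQUENCE, der(OID, SHA256_RSA_OID) + der(NULL, b""))
    rsa_pub = der(SEQUENCE, der_uint(modulus) + der_uint(65537))
    spki = der(SEQUENCE, der(SEQUENCE, der(OID, RSA_OID) + der(NULL, b""))
               + der(BIT_STRING, b"\x00" + rsa_pub))
    tbs = der(SEQUENCE,
              der(CTX0, der(INTEGER, b"\x02"))   # [0] version v3
              + der(INTEGER, b"\x01")            # serialNumber
              + alg_id                           # signature algorithm
              + der(SEQUENCE, b"")               # issuer   (empty, toy)
              + der(SEQUENCE, b"")               # validity (empty, toy)
              + der(SEQUENCE, b"")               # subject  (empty, toy)
              + spki)                            # subjectPublicKeyInfo
    return der(SEQUENCE, tbs + alg_id + der(BIT_STRING, b"\x00" * 33))  # zeroed signature


def extract_spki(cert_der: bytes) -> bytes:
    """Walk Certificate -> tbsCertificate and return the raw SubjectPublicKeyInfo TLV."""
    _, cert, _ = der_read(cert_der)
    _, tbs, _ = der_read(cert)                 # tbsCertificate is the first element
    tag, _, pos = der_read(tbs)                # explicit version is optional
    if tag == CTX0:
        _, _, pos = der_read(tbs, pos)         # serialNumber
    for _ in range(4):                         # signature, issuer, validity, subject
        _, _, pos = der_read(tbs, pos)
    _, _, end = der_read(tbs, pos)
    return tbs[pos:end]


def pin_of(cert_der: bytes) -> str:
    """Pin in the HPKP / OkHttp form: 'sha256/' + base64(SHA-256(SPKI DER))."""
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return "sha256/" + base64.b64encode(digest).decode()


def verify_pins(cert_der: bytes, pinned: set) -> bool:
    """True only if the presented certificate's key matches a pinned key.
    This layers on top of normal chain validation; it never replaces it."""
    return pin_of(cert_der) in pinned


def pinned_tls_connect(host: str, port: int, pinned: set) -> ssl.SSLSocket:
    """Assumed app wiring: open a normally validated TLS connection, then
    refuse it unless the leaf certificate matches the pin set (not run offline)."""
    ctx = ssl.create_default_context()
    sock = ctx.wrap_socket(socket.create_connection((host, port)), server_hostname=host)
    if not verify_pins(sock.getpeercert(binary_form=True), pinned):
        sock.close()
        raise ssl.SSLError("certificate pin mismatch: possible TLS interception")
    return sock


def _toy_modulus(label: bytes) -> int:
    return int.from_bytes(hashlib.sha256(label).digest(), "big") | 1  # constructed value


# Constructed scenario: the app ships pins for the live key and a backup key.
SERVER_CERT = toy_certificate(_toy_modulus(b"server-key"))
BACKUP_CERT = toy_certificate(_toy_modulus(b"backup-key"))
PROXY_CERT = toy_certificate(_toy_modulus(b"interception-proxy-key"))  # trusted CA, wrong key
PINNED = {pin_of(SERVER_CERT), pin_of(BACKUP_CERT)}

if __name__ == "__main__":
    for name, cert in (("server", SERVER_CERT), ("backup", BACKUP_CERT), ("proxy", PROXY_CERT)):
        print(f"{name:7s} {pin_of(cert)}  accepted={verify_pins(cert, PINNED)}")
```

The pin string produced by `pin_of` is the same value `openssl x509 -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64` prints for a real certificate, which is why the intercepting proxy's certificate is rejected even though a device that trusts the proxy's CA would otherwise accept it; shipping a backup pin is what keeps a legitimate key rotation from locking users out.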
Community Discussion
No community discussion yet for this question.