CAS-003 Question #910: Real Exam Question with Answer & Explanation
The correct answer is B: Internal application store. The scenario has two distinct requirements: (1) the application must not be distributed over the public internet, and (2) communication between the app and system must be encrypted and mutually authenticated. B (Internal application store) satisfies the distribution requirement -
Question
Options
- A. TPM
- B. Internal application store
- C. HTTPS
- D. USB OTG
- E. Sideloading
- F. OTA
Explanation
The scenario has two distinct requirements: (1) the application must not be distributed over the public internet, and (2) communication between the app and system must be encrypted and mutually authenticated.

B (Internal application store) satisfies the distribution requirement - an enterprise MDM/internal app store operates entirely within the private corporate network, never exposing the application or backend system to the internet. C (HTTPS) satisfies the communication requirement - it provides TLS encryption and supports mutual certificate-based authentication (mTLS) between the client app and server. Together they address all three bullet points.

Why the others fail:
- A (TPM) is a hardware key-storage chip, not an installation method.
- D (USB OTG) is a viable offline method but provides no encrypted/authenticated channel to the backend system.
- E (Sideloading) bypasses security controls entirely, which is inappropriate for an app carrying sensitive encryption material.
- F (OTA) requires network/internet connectivity, violating the 'not exposed to the internet' constraint.