A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
✑ Certificate pinning
✑ Tokenization
✑ Biometric authentication
The company has already implemented the following controls:
✑ Full device encryption
✑ Screen lock
✑ Device password
✑ Remote wipe
The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

A. Enforce the use of a VPN when using the newly developed application

B. Implement a geofencing solution that disables the application according to company requirements

C. Implement an out-of-band second factor to authenticate authorized users

D. Install the application in a secure container requiring additional authentication controls








 

Suggested Answer: C





This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.