A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
Certificate pinning
Tokenization
Biometric authentication
The company has already implemented the following controls:
Full device encryption
Screen lock
Device password Remote wipe
The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?
A. Enforce the use of a VPN when using the newly developed application
B. Implement a geofencing solution that disables the application according to company requirements
C. Implement an out-of-band second factor to authenticate authorized users
D. Install the application in a secure container requiring additional authentication controls
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
