A mobile gaming company wants to secure the newest version of a game against an on-path attack. The company hires a security architect to perform a threat modeling exercise. Which of the following is the best solution for the architect to recommend?
A. Requiring certificate pinning in the mobile application
B. Setting up obfuscation techniques to make reverse engineering more difficult.
C. Configuring client authentication using certificates within the mobile application.
D. Developing checks within the application for rooted devices.
A. Requiring certificate pinning in the mobile application: Certificate pinning is a security technique used to prevent man-in-the-middle (MITM) or on-path attacks, which are often the focus in these types of scenarios. When certificate pinning is implemented, the mobile application only trusts specific, predefined certificates for HTTPS communication. This helps prevent an attacker from using a fraudulent or compromised certificate to intercept the communication between the mobile device and the server. It's an effective solution to defend against on-path attacks, such as those where attackers intercept traffic to manipulate or steal data.
upvoted 4 times
Bright07
3 months ago
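The pinning check described in the comment above, as an added example that is not part of the original post or of any real game client. It assumes the app pins the SHA-256 fingerprint of the server's whole DER-encoded leaf certificate; the names `is_pinned`, `open_pinned` and `PinMismatch` are hypothetical.

```python
import hashlib
import socket
import ssl


class PinMismatch(Exception):
    """Raised when the server certificate matches none of the pinned fingerprints."""


def cert_fingerprint(der_cert: bytes) -> str:
    """Lower-case hex SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize_pin(pin: str) -> str:
    """Accept 'AB:CD:...' or 'abcd...' style fingerprints."""
    return pin.replace(":", "").strip().lower()


def is_pinned(der_cert: bytes, pins: set) -> bool:
    """True only if the presented certificate is one of the pinned ones."""
    if not der_cert or not pins:
        return False  # fail closed: no certificate or an empty pin set never passes
    return cert_fingerprint(der_cert) in {normalize_pin(p) for p in pins}


def open_pinned(host: str, pins: set, port: int = 443, timeout: float = 5.0):
    """Normal chain and hostname validation first, then the pin check on top."""
    ctx = ssl.create_default_context()  # pinning adds to CA validation, it does not replace it
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if not is_pinned(der, pins):
        tls.close()  # drop the connection before any application data is sent
        raise PinMismatch(f"certificate for {host} matches no pinned fingerprint")
    return tls
```

The pin set should hold the current certificate plus at least one backup, since pinning the whole certificate means every renewal changes the fingerprint.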