Exam CAS-003 topic 1 question 418 discussion

Actual exam question from CompTIA's CAS-003
Question #: 418
Topic #: 1

A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
✑ Certificate pinning
✑ Tokenization
✑ Biometric authentication
The company has already implemented the following controls:
✑ Full device encryption
✑ Screen lock
✑ Device password
✑ Remote wipe
The company wants to defend against interception of data attacks. Which of the following compensating controls should the company implement NEXT?

  • A. Enforce the use of a VPN when using the newly developed application
  • B. Implement a geofencing solution that disables the application according to company requirements
  • C. Implement an out-of-band second factor to authenticate authorized users
  • D. Install the application in a secure container requiring additional authentication controls
Suggested Answer: C

Comments

sm24
3 years, 2 months ago
As they are trying to prevent interception of data (confidentiality), and also as the application is accessed from the corporate devices, VPN (encryption) makes the most sense.
upvoted 2 times
DrChats
3 years, 5 months ago
I'm thinking D....
upvoted 1 times
vorozco
3 years, 2 months ago
Reasoning?
upvoted 1 times
vorozco
3 years, 2 months ago
They want to defend against INTERCEPTION, so data in transit. Installing the application in a secure container requiring additional authentication controls does nothing for defending against interception.
upvoted 1 times
SoniSoni
3 years, 8 months ago
A. VPN. In the out-of-band factor... what factor are they even talking about??
upvoted 2 times
D1960
3 years, 8 months ago
Could be some kind of token that gives you a PIN that you have to enter.
upvoted 1 times
D1960
3 years, 12 months ago
Maybe: A. Enforce the use of a VPN when using the newly developed application? According to the question: "The company wants to defend against interception of data attacks." This is exactly what a VPN is for. An "out-of-band second factor to authenticate authorized users" may or may not help.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other