CompTIA CASP+ (CAS-003) — Question 248
A company wants to secure a newly developed application that is used to access sensitive information and data from corporate resources. The application was developed by a third-party organization, and it is now being used heavily, despite lacking the following controls:
- Certificate pinning
- Tokenization
- Biometric authentication
The company has already implemented the following controls:
- Full device encryption
- Screen lock
- Device password
- Remote wipe
The company wants to defend against data interception attacks. Which of the following compensating controls should the company implement NEXT?
Answer options
- A. Enforce the use of a VPN when using the newly developed application
- B. Implement a geofencing solution that disables the application according to company requirements
- C. Implement an out-of-band second factor to authenticate authorized users
- D. Install the application in a secure container requiring additional authentication controls
Correct answer: C
Explanation
The correct answer is C because implementing an out-of-band second factor strengthens the authentication process, making it harder for unauthorized users to access the application. Options A and B provide additional controls but do not directly enhance user authentication, while D, although beneficial, does not address the immediate need for improving user verification with a second factor.