CompTIA CASP+ (CAS-004) — Question 15
A developer is creating a new mobile application for a company. The application uses a REST API over TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?
Answer options
- A. Cookies
- B. Wildcard certificates
- C. HSTS
- D. Certificate pinning
Correct answer: D
Explanation
Certificate pinning is the best defense against HTTPS interception. With pinning, the mobile app ships with the expected server certificate or, more commonly, a hash of the server's public key (SubjectPublicKeyInfo), and it refuses any TLS session whose presented certificate does not match that pin, even when the intercepting proxy's certificate chains to a root CA the device trusts. That closes the usual interception path, in which an attacker or inspection proxy installs its own root CA on the device and issues certificates for the back-end hostname on the fly; the proxy's certificate passes ordinary chain validation but fails the pin check. Pinning is an extra check on top of normal chain and hostname validation, not a replacement for it. The other options do not restrict which certificates the app trusts: cookies carry session state and do nothing for transport security; a wildcard certificate only changes which hostnames one server certificate covers and is presented by the server rather than validated by the client; HSTS makes a browser always use HTTPS and reject connections with certificate errors, but it still accepts any certificate the device trusts, and it is a browser policy that a native app's own REST client does not apply at all. One practical caveat: pinning must be planned together with certificate and key rotation (ship a backup pin for the next key), otherwise a routine certificate renewal locks every installed copy of the app out of the back end.
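The following is an added worked example of public key pinning, not code from the exam or from any vendor. It computes an HPKP-style pin (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo) from a certificate, checks it against a pin set, and shows how that check sits on top of normal TLS validation when opening a socket. The DER walker is minimal and only locates the SPKI field; the certificate built by build_demo_cert is a synthetic, unsigned skeleton constructed here so the example runs offline, and the pin values and hostnames are assumptions rather than real ones. It goes slightly beyond the text by pinning the public key rather than the whole certificate, which lets a server renew its certificate with the same key without breaking the app.

```python
import base64
import hashlib
import socket
import ssl


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length: next n bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _elements(buf: bytes):
    """Split a run of DER elements into (tag, full_tlv_bytes, value) tuples."""
    out, pos = [], 0
    while pos < len(buf):
        start = pos
        tag, value, pos = _read_tlv(buf, pos)
        out.append((tag, buf[start:pos], value))
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the full DER TLV of subjectPublicKeyInfo from an X.509 certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    TBSCertificate ::= SEQUENCE { [0] version OPTIONAL, serialNumber, signature,
                                  issuer, validity, subject, subjectPublicKeyInfo, ... }
    """
    outer = _elements(cert_der)
    if len(outer) != 1 or outer[0][0] != 0x30:
        raise ValueError("certificate is not a single DER SEQUENCE")
    tbs_tag, _, tbs_value = _elements(outer[0][2])[0]
    if tbs_tag != 0x30:
        raise ValueError("tbsCertificate is not a SEQUENCE")
    fields = _elements(tbs_value)
    if fields and fields[0][0] == 0xA0:     # explicit [0] version is absent in v1 certs
        fields = fields[1:]
    spki_tag, spki_tlv, _ = fields[5]
    if spki_tag != 0x30:
        raise ValueError("subjectPublicKeyInfo is not a SEQUENCE")
    return spki_tlv


def spki_pin(spki_der: bytes) -> str:
    """Pin format used by HPKP, Android network security config and OkHttp: base64(SHA-256(SPKI))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def cert_pin(cert_der: bytes) -> str:
    return spki_pin(extract_spki(cert_der))


def pin_matches(cert_der: bytes, pins: set) -> bool:
    """True if the certificate's public key is one of the pinned keys (include a backup pin)."""
    return cert_pin(cert_der) in pins


def connect_pinned(host: str, port: int, pins: set, timeout: float = 5.0) -> ssl.SSLSocket:
    """Open a TLS 1.2+ connection; chain and hostname validation still run, the pin is checked on top."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=timeout),
                           server_hostname=host)
    try:
        if not pin_matches(sock.getpeercert(binary_form=True), pins):
            raise ssl.SSLError(f"public key pin mismatch for {host}: possible interception")
    except Exception:
        sock.close()
        raise
    return sock


def der(tag: int, body: bytes) -> bytes:
    """Encode one DER element with short- or long-form length (used only to build the demo cert)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body


def build_demo_cert():
    """Constructed, unsigned v3 certificate skeleton; returns (cert_der, spki_der). Not a real cert."""
    ec_pubkey_oid = der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01")          # 1.2.840.10045.2.1
    ecdsa_sha256_oid = der(0x06, b"\x2a\x86\x48\xce\x3d\x04\x03\x02")   # 1.2.840.10045.4.3.2
    spki = der(0x30, der(0x30, ec_pubkey_oid) + der(0x03, b"\x00\x04" + b"\x11" * 64))
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                               # [0] version = v3
              + der(0x02, b"\x01")                                        # serialNumber
              + der(0x30, ecdsa_sha256_oid)                               # signature algorithm
              + der(0x30, b"")                                            # issuer (empty Name)
              + der(0x30, der(0x17, b"240101000000Z") + der(0x17, b"250101000000Z"))
              + der(0x30, b"")                                            # subject (empty Name)
              + spki)
    cert = der(0x30, tbs + der(0x30, ecdsa_sha256_oid) + der(0x03, b"\x00" + b"\x00" * 70))
    return cert, spki


if __name__ == "__main__":
    cert, spki = build_demo_cert()
    print("pin:", cert_pin(cert), "matches:", pin_matches(cert, {spki_pin(spki)}))
```

In a shipped app the pin set would normally live in the platform's pinning configuration (Android's network security config pin-set, or a library such as OkHttp's CertificatePinner, both of which take the same sha256 SPKI format) rather than in hand-written socket code, but the check they perform is the one shown here. The pin set should always hold at least two entries, the current key and a pre-generated backup key, so the back end can rotate without an app update.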