CompTIA CASP+ (CAS-004) — Question 531
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?
Answer options
- A. Utilize the SAN certificate to enable a single certificate for all regions.
- B. Deploy client certificates to all devices in the network.
- C. Configure certificate pinning inside the application.
- D. Enable HSTS on the application's server side for all communication.
Correct answer: C
Explanation
The correct answer is C: certificate pinning helps prevent man-in-the-middle (on-path) attacks by ensuring the application accepts only specific, expected certificates rather than any certificate a trusted CA has issued. Options A and B do not directly address the on-path attack concern, and D, although it improves transport security, does not provide the same level of protection against such attacks that certificate pinning offers.