Certified Ethical Hacker (CEH v13) — Question 283

Following an attack on its mobile infrastructure, an e-commerce company is reconsidering its mobile security strategies. In an event where an attacker has been able to gain partial root access to the mobile application, which of these tactics will offer the most effective barrier to additional exploitation?

Answer options

• A. Conducting regular vulnerability assessments and penetration testing on the mobile application.
• B. Leveraging secure coding practices and automated code review processes in the development stage.
• C. Implementation of certificate pinning to protect against Man-In-The-Middle (MITM) attacks.
• D. Implementing a mobile application management solution to control access rights and user permissions.

Correct answer: C

Explanation

Implementing certificate pinning is the most effective approach because it ensures that the mobile application only accepts trusted certificates, thus preventing MITM attacks even if the attacker has partial root access. The other options, while important for overall security, do not specifically address the immediate threat of an attacker intercepting communications to exploit the application further.