Certified Information Systems Auditor (CISA) — Question 225
Which of the following development practices would BEST mitigate the risk associated with theft of user credentials transmitted between mobile devices and the corporate network?
Answer options
- A. Enforce the validation of digital certificates used in the communication sessions.
- B. Release mobile applications in debugging mode to allow for easy troubleshooting.
- C. Embed cryptographic keys within the mobile application source code.
- D. Allow persistent sessions between mobile applications and the corporate network.
Correct answer: A
Explanation
Option A is correct because validating the digital certificates used in each communication session ensures that the mobile application is talking to a trusted, authenticated endpoint over a secure channel, which prevents an interceptor from capturing user credentials in transit. Options B and C expose the application to security vulnerabilities: debugging mode can reveal sensitive information, and hardcoding cryptographic keys in the source code can lead to their extraction. Option D increases the risk of credential theft by maintaining open sessions that may be exploited.