Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!



What should a corporation’s Information Security Officer prioritize when addressing SSL certificate exposure?

  1. Regular audits of SSL certificate usage

  2. Limiting distribution of SSL certificates

  3. Implementing SSL certificate pinning

  4. Remediating vulnerabilities in associated systems

The correct answer is: Implementing SSL certificate pinning

Certificate pinning addresses the exposure scenario directly. By default a TLS (SSL) client accepts any certificate for a host that chains to one of the many certificate authorities in its trust store, so an attacker who obtains a fraudulently issued certificate for the organization's hostname (from a compromised, coerced or misbehaving CA) can mount a man-in-the-middle attack and intercept traffic. With pinning, the client is configured to accept only a specific certificate, or more commonly the SHA-256 hash of a specific public key (the certificate's SubjectPublicKeyInfo), for that host. A certificate that is otherwise valid but carries a different key is rejected, so the connection no longer depends on every CA in the trust store behaving honestly. This closes the interception and eavesdropping risk that an exposed or mis-issued certificate creates, and it is a preventive control rather than a detective one.

Two caveats belong in any real deployment. First, pinning protects against the wrong certificate being presented, not against exposure of the server's own private key: an attacker holding that key can present the pinned key and the client will accept it, so key exposure still has to be handled by revocation and key rotation. Second, pinning must be rolled out with a backup pin for a pre-generated standby key; otherwise a routine key rotation locks every client out until it is updated.

While regular audits, limiting distribution, and remediating vulnerabilities are important security practices, they do not directly address the immediate risk of a man-in-the-middle attack in the way that pinning does. Regular audits help identify misconfiguration or misuse but are not a preventive measure against attacks. Limiting distribution is also valuable but does not guarantee that a connection to the intended server is actually with that server. Lastly, remediating vulnerabilities in associated systems is essential for overall system security
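The mechanism described in the explanation, as an added worked example rather than code from the original page or from any quiz provider: a Go program that computes an SPKI pin (the "sha256/..." form used by HPKP, OkHttp and Android's network security config), installs it as a VerifyPeerCertificate callback, and then performs real TLS handshakes over loopback against three servers: the genuine one, an impostor holding its own key, and an impostor holding a leaked copy of the server key. The hostname api.example.test, the self-signed throwaway certificates and the loopback server are all constructed for the demonstration. The pinned verifier checks every certificate in the presented chain (as HPKP did), so an intermediate's key can be pinned as well as the leaf's.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
	"net"
	"time"
)

// spkiPin returns "sha256/" + base64(SHA-256(SubjectPublicKeyInfo)), the pin format used by HPKP,
// OkHttp and Android's network security config. Keyed on the public key, it survives certificate renewal.
func spkiPin(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.RawSubjectPublicKeyInfo)
	return "sha256/" + base64.StdEncoding.EncodeToString(sum[:])
}

// mintCert issues a self-signed server certificate from key, generating a fresh Ed25519 key when key is nil.
// Same key with a new serial models a renewal (or a cert minted with a stolen key); a new key, an impostor.
func mintCert(key ed25519.PrivateKey, serial int64) (tls.Certificate, ed25519.PrivateKey, error) {
	if key == nil {
		_, key, _ = ed25519.GenerateKey(rand.Reader) // entropy failure is not handled in this demo
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	leaf, err := x509.ParseCertificate(der) // a nil der from a failed CreateCertificate surfaces here
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, key, err
}

// pinnedVerifier builds a tls.Config.VerifyPeerCertificate callback that accepts the handshake only if
// some certificate in the chain carries a pinned key. Ship a backup pin for a standby key, or rotation locks clients out.
func pinnedVerifier(pins ...string) func([][]byte, [][]*x509.Certificate) error {
	allowed := map[string]bool{}
	for _, p := range pins {
		allowed[p] = true
	}
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		for _, raw := range rawCerts {
			cert, err := x509.ParseCertificate(raw)
			if err != nil {
				return err
			}
			if allowed[spkiPin(cert)] {
				return nil
			}
		}
		return errors.New("pinning: no certificate in the chain matches a configured pin")
	}
}

// handshake runs a real TLS handshake over loopback TCP between a server presenting serverCert and a
// client that applies verify; it returns the client's verdict (nil means the connection was accepted).
func handshake(serverCert tls.Certificate, verify func([][]byte, [][]*x509.Certificate) error) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err
	}
	defer ln.Close()
	go func() {
		if conn, err := ln.Accept(); err == nil {
			srv := tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{serverCert}})
			srv.Handshake() // only the client's verdict is reported
			srv.Close()
		}
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{
		ServerName: "api.example.test", // hypothetical name; only the pin is checked in this demo
		// InsecureSkipVerify switches off the default CA and hostname checks so that the pin alone
		// decides here; in production keep those checks and apply the pin on top of them.
		InsecureSkipVerify:    true,
		VerifyPeerCertificate: verify,
	})
	if err == nil {
		cli.Close()
	}
	return err
}

func main() {
	genuine, serverKey, _ := mintCert(nil, 1)
	impostor, _, _ := mintCert(nil, 2)
	stolen, _, _ := mintCert(serverKey, 3) // what an attacker holding a leaked copy of the server key can mint
	verify := pinnedVerifier(spkiPin(genuine.Leaf)) // the client ships with this pin
	fmt.Println("genuine server:                 ", handshake(genuine, verify))  // <nil>: accepted
	fmt.Println("impostor with own key:          ", handshake(impostor, verify)) // rejected: the pin, not a CA, decides
	fmt.Println("impostor with leaked server key:", handshake(stolen, verify))   // <nil>: pinning cannot detect key theft
}
```

Run it with `go run`. The second line shows what pinning buys: the impostor's certificate is rejected even though CA validation is switched off, because the decision rests on the key, not on who signed it. The third line is the caveat from the explanation: a certificate minted with the leaked server key carries the pinned SubjectPublicKeyInfo and is accepted, which is also exactly why a renewed certificate for the same key keeps working. Pinning cannot distinguish the two; only revoking and rotating the key (with the standby key's pin already shipped as a backup) deals with the leak.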