CompTIA Security+ Question L-28

A new mobile banking application is being developed and uses SSL / TLS certificates but penetration tests show that it is still vulnerable to man-in-the-middle attacks, such as DNS hijacking. Which of the following would mitigate this attack?

A. Certificate revocation
B. Key escrow
C. Public key infrastructure
D. Certificate pinning

Answer: D