Customers’ credit card information was stolen from a popular video streaming company. A security
consultant determined that the information was stolen, while in transit, from the gaming consoles of a
particular vendor. Which of the following methods should the company consider to secure this data in the
future?

A.
Application firewalls

B.
Manual updates

C.
Firmware version control

D.
Encrypted TCP wrappers

Explanation:
Wrapping sensitive systems with a specific control is required when protecting data in transit. TCP
wrappers are also security controls. TCP Wrapper is a host-based networking ACL system, used to filter
network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It
allows host or subnetwork IP addresses, names and/or inetd query replies, to be used as tokens on which
to filter for access control purposes.
TCP Wrapper should not be considered a replacement for a properly configured firewall. Instead, TCP
Wrapper should be used in conjunction with a firewall and other security enhancements in order to
provide another layer of protection in the implementation of a security policy.
Incorrect Answers:
A: Application firewalls are usually better protection for database servers or web servers than are other
types of firewalls. Application firewalls, in addition to packet filtering, filter specific application related
content.
B: Manual updates will not be practical considering that data is in transit when it gets stolen.
C: Firmware version control is closely related to updating the firmware. You should always be sure that
each device is using the correct version of firmware since viruses may specifically target the firmware in
routers and switches if you do not update these.

https://www.freebsd.org/doc/handbook/tcpwrappers.html
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 421