A security administrator is redesigning, and implementing a service-oriented architecture to
replace an old, in-house software processing system, tied to a corporate sales website. After
performing the business process analysis, the administrator decides the services need to operate
in a dynamic fashion. The company has also been the victim of data injection attacks in the past
and needs to build in mitigation features. Based on these requirements and past vulnerabilities,
which of the following needs to be incorporated into the SOA?

A.
Point to point VPNs for all corporate intranet users.

B.
Cryptographic hashes of all data transferred between services.

C.
Service to service authentication for all workflows.

D.
Two-factor authentication and signed code