After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the
SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal
development servers use the same certificate. After installing the certificate on dev1.xyz.com, one
of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored.
Which of the following should the auditor recommend FIRST?
A.
Generate a new public key on both servers.
B.
Replace the SSL certificate on dev1.xyz.com.
C.
Generate a new private key password for both servers.
D.
Replace the SSL certificate on pay.xyz.com.