What is a recommended defense for the CIS Control for Application Software Security?

What is a recommended defense for the CIS Control for Application Software Security?
A . Keep debugging code in production web applications for quick troubleshooting
B . Limit access to the web application production environment to just the developers
C . Run a dedicated vulnerability scanner against backend databases
D . Display system error messages for only non-kernel related events

View Answer

Answer: C