Due to a security breach initiated from South America, the Chief Security Officer (CSO) instructed a team to design and implement an appropriate security control to prevent such an attack from reoccurring. The company has sales and consulting teams across the United States that need access to company resources. The security manager implemented a location-based authentication to prevent non-US-based access to the company networks. Three months later, the same incident reoccurred with an attack originating from a country in Asia. Which of the following security design defects could be the cause?
A. The team did not account for the VPN access and did not ensure non-repudiation
B. The company just replaced a firewall that had a DDoS vulnerability
C. The sales and supports are reusing the same passwords for their personal accounts, such as banking and email
D. The hackers left a backdoor within the company networks that was not cleaned successfully