The correct answer is AB imo. Geolocation , Time of day restriction.

Most people chose AB, but I believe that is incorrect. The question presents TWO issues to address: 1) Ensuring that employees do not work from a high-risk country while on vacation. 2) Preventing employees from outsourcing their work. The Geolocation answer addresses the first concern of the CISO, which is to prevent employees from working from other countries or high-risk countries. The other chosen answer (time of day restrictions) does not address the second concern of the CISO. Therefore, among the remaining answers, the only one that seems to address that concern is certificate-based authentication, which would allow only authorized devices with the installed certificate to work and connect to the company, preventing a third party from doing so.

AB. Reasoning: The CEO wants staff to be able to work from home "anytime during business hours", and away from "high-risk countries". Time of day restriction fits with B, Geolocation fits with the location.

Key words "high risk country" and "Outsource work to a 3rd party". Geolocation covers the high risk country and would also include the time and day of the country. Certificates takes care of making sure the work is not outsourced because it binds to the users ID.

AC because the CEO allow "anytime of day" which eliminate time of day restriction.

Geolocation to stop outsourcing. Time ODR as the CEO only wants people working during business hours.

Answer A. Geolocation F. Role-based access controls

I think is A and C A) Geolocation: this would help in restricting access based on the physical location. C) Certificates: This can help mitigate the risk of unauthorized access, especially from third-party organizations. How does "Time of day restriction" address the concern of preventing employees from outsourcing work to a third-party organization?

Geolocation will prevent users from operating inside high risk countries and certificates will prevent the outsourcing of work to 3rd party organizations.

this question is also a few pages before a bit differently worded agreed it is A and B

These two are priority basis over others

answers are B and F. B. Time-of-day restrictions: Implementing time-of-day restrictions would allow the organization to define specific business hours during which staff members are allowed to work from home. Outside of these hours, remote access could be limited or restricted entirely, reducing the likelihood of staff members working from high-risk countries during non-business hours or while on holiday. F. Role-based access controls: Role-based access controls (RBAC) would help the organization control and limit the activities that staff members can perform based on their roles and responsibilities. By defining appropriate access rights and permissions for each role, the CEO can ensure that staff members do not have the ability to outsource work to third-party organizations or perform tasks that are beyond their designated responsibilities.

Answer is C & E. The risks are "...work from high-risk countries while on holiday or outsource work to a third-party organization in another country." The first issue will be addressed by Geotagging and the outsourcing risk will definitely be prevented by validating the certificates.

A. Geolocation: Implementing geolocation controls can help restrict access based on the physical location of the users. By defining approved locations or blocking high-risk countries, the organization can ensure that remote work is limited to authorized regions. B. Time-of-day restrictions: Enforcing time-of-day restrictions can limit remote access to specific business hours or predefined timeframes. This control ensures that employees cannot work from any location outside of designated working hours.

Chatgpt says B and F. When I pressed further it said A could also be an answer but the best two answers are B and F.

I agree that AB is the answer. The reason why I chose B (Time-of-day restrictions) is that the CEO would like people to work from home anytime DURING BUSINESS HOURS, which makes sense because having people connecting to the corporate network 24/7 could create the need for more security monitoring and become expensive for the company if they dont need people working outside business hours.

RBAC can limit access to sensitive company information and resources to only those employees who require it for their job function. Employees will not be able to outsource work