Exam CISSP topic 1 question 383 discussion

Actual exam question from ISC's CISSP
Question #: 383
Topic #: 1

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

  • A. Mobile Device Management (MDM) with device wipe
  • B. Mobile device tracking with geolocation
  • C. Virtual private network (VPN) with traffic encryption
  • D. Whole device encryption with key escrow
Suggested Answer: A

Comments

Humongous1593
Highly Voted 2 years, 8 months ago
Selected Answer: D
If the device is encrypted then they can't get at the data. The other answers don't work because what if it's turned off or no signal. Remote wipe won't work. Geolocate won't work. Even if you could locate it, then what? The police won't do anything.
upvoted 16 times
Zapepelele
6 months ago
MDM includes option-D (encryption enforcement) and more... so the answer is option-A.
upvoted 1 times
...
Maximillian
10 months ago
I believe D also has its own potential weakness that its escrowed key could be compromised. In case of device wipe there is no weakness on its own.
upvoted 1 times
...
Clay
2 years, 5 months ago
I choose A. What's the purpose of stealing a mobile device for it to be offline?
upvoted 2 times
Serliop378
2 years ago
Because in case of encryption, they will instead purge/format the drives to sell it on the market, so the first thing a thief does is to not activate any geolocating services, including going online.
upvoted 1 times
...
...
jackdryan
2 years, 1 month ago
A is correct
upvoted 2 times
...
...
krassko
Highly Voted 2 years, 8 months ago
Selected Answer: A
But A includes D. You can enable encryption in Management Tool + a lot more.
upvoted 11 times
...
a_kto_to
Most Recent 3 weeks, 4 days ago
Selected Answer: D
While A seems good, D is better, as MDM with device wipe relies on internet connectivity and timely execution. If the device is offline, data remains vulnerable until the wipe command is received.
upvoted 1 times
...
BigITGuy
2 months, 2 weeks ago
Selected Answer: A
The most effective feature to mitigate data theft if a corporate mobile device is stolen is the ability to remotely wipe the device via MDM. Completely erase all corporate data and applications to prevent unauthorized access.
upvoted 1 times
...
deeden
10 months, 1 week ago
Selected Answer: A
LOL it is like chicken and eggs kind of scenario here. You need both A and D and Strong Password + auto-wipe after 3 failed attempts. I hate these types of questions :)
upvoted 3 times
...
CCNPWILL
1 year ago
Selected Answer: A
Going with A. Also, similar questions like this with lost/stolen device with MDM... most practice tests I see put remote wiping as the correct answer.
upvoted 1 times
...
gjimenezf
1 year, 4 months ago
Selected Answer: D
Encryption is the best; in a remote wipe data can be recovered.
upvoted 1 times
J_Ko
2 months, 2 weeks ago
Can't really see the additional value of key escrow in this scenario - it just means a trusted 3rd party also has the key, to be released in specific circumstances. So I went with A. It not only covers D as others indicated (including a form of key escrow) but also might help against brute forcing the PIN or password to get access to the device & data anyway (even if remote wipe is not quite perfect, too).
upvoted 1 times
...
...
YesPlease
1 year, 5 months ago
Selected Answer: A
Answer A) Mobile Device Management (MDM) with device wipe. Keep in mind that all new phones should already have hardware encryption... so D is already covered. MDM solutions offer tons of features such as application level encryption, remote wipe and other policies to secure the phone.
upvoted 1 times
...
BoyBastos
1 year, 9 months ago
Selected Answer: A
A. Mobile Device Management (MDM) with device wipe. Mobile Device Management (MDM) with the ability to remotely wipe the device is the most effective feature for mitigating against data theft on a corporate mobile device that has been stolen. When a device is stolen, it's critical to ensure that sensitive corporate data doesn't fall into the wrong hands. MDM allows administrators to remotely wipe all data from the stolen device, rendering it useless to the thief and protecting the data.
upvoted 1 times
...
nat0220
2 years ago
Selected Answer: A
A is the answer
upvoted 2 times
...
babaseun
2 years, 2 months ago
Selected Answer: A
From the Official Study Guide 9th edition - page 438: Personal electronic device security features can often be managed using a mobile device management (MDM) or unified endpoint management (UEM) solutions. These include device authentication, full device encryption, communication protection, remote wiping, device lockout, screen locks, GPS and location service management, content management, application control, push notification management ...
upvoted 2 times
...
TommyZ
2 years, 2 months ago
Could've been stolen while he was talking on it so it was obviously unlocked. Many videos of people getting phones stolen while talking on them. Tough question. GPT-3.5 and 4 say MDM.
upvoted 2 times
...
Dee83
2 years, 4 months ago
D. Whole device encryption with key escrow
upvoted 2 times
...
wedso
2 years, 5 months ago
Selected Answer: A
Mitigate = contain; it doesn't mean prevent here, though MDM with remote wipe feature is the best for me.
upvoted 4 times
...
Hava_2013
2 years, 7 months ago
A is the best option since D has a flaw. Key escrow along with the encryption is not a good idea....
upvoted 4 times
...
Jamati
2 years, 7 months ago
Selected Answer: D
From the Official Study Guide 9th edition - page 410: Some mobile devices, including portable computers, tablets, and mobile phones, may offer full-device encryption (FDE). Many mobile devices either are pre-encrypted or can be encrypted by the user/owner. Once a mobile device is encrypted, the user’s data is protected whenever the screen is locked, which causes the physical data port on the device to be disabled. This prevents unauthorized access to data on the device through a physical cable connection as long as the screen remains locked. Most if not all of the storage media of a device can be encrypted, this is usually a worthwhile feature to enable. However, encryption isn’t a guarantee of protection for data, especially if the device is stolen while unlocked or if the system itself has a known backdoor attack vulnerability. MDM is also at end of life and about to get deprecated to be replaced by UEM, which combines MDM and EMM (enterprise mobility management).
upvoted 3 times
ikidreamz
2 years, 5 months ago
I THINK A = widely used and looks promising. Some phones support, majority don't support FDE. Also pg 410: "However, encryption isn’t a guarantee of protection for data, especially if the device is stolen while unlocked or if the system itself has a known backdoor attack vulnerability"
upvoted 2 times
...
babaseun
2 years, 2 months ago
On a corporate mobile device, not user/owner... MDM has full-device encryption. I will go for A as the answer.
upvoted 1 times
...
...
franbarpro
2 years, 7 months ago
This is def.... "A"
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other