Device event logs sourced from MDM software as follows:
Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?
The logs indicate that the same device reported two different locations, a significant geographical distance apart, at the same timestamp (07:01), which is practically impossible for a single device without manipulation or error. This points to the security concern of 'impossible travel.' The appropriate response action is to disable the device's account and access while conducting an investigation, so that any potential security breach or misuse is mitigated.
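The impossible-travel check described above can be run over MDM check-in records as in the following added example, which is not part of the original page or of any MDM product. The events are constructed sample data (not the log from the question), and the speed and distance thresholds are assumptions.

```python
from datetime import datetime
from math import radians, sin, cos, asin, sqrt

MAX_KMH = 900.0  # assumed threshold: roughly airliner cruise speed
MIN_KM = 50.0    # assumed: ignore small jumps from normal GPS/cell jitter

# Constructed sample check-ins (not the log from the question):
# (device_id, ISO timestamp, latitude, longitude)
EVENTS = [
    ("dev-01", "2024-01-01T06:58:00", 38.9072, -77.0369),  # Washington, DC
    ("dev-01", "2024-01-01T07:01:00", 38.9080, -77.0360),  # Washington, DC
    ("dev-01", "2024-01-01T07:01:00", 25.2854, 51.5310),   # Doha, Qatar
    ("dev-02", "2024-01-01T07:00:00", 51.5074, -0.1278),   # London
    ("dev-02", "2024-01-01T09:30:00", 48.8566, 2.3522),    # Paris
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points in kilometres."""
    p1, p2 = radians(lat1), radians(lat2)
    a = sin((p2 - p1) / 2) ** 2 + cos(p1) * cos(p2) * sin(radians(lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Return (device, earlier_ts, later_ts, km) for consecutive check-ins
    of one device that imply a speed above max_kmh."""
    by_device = {}
    for dev, ts, lat, lon in events:
        by_device.setdefault(dev, []).append((datetime.fromisoformat(ts), lat, lon))
    findings = []
    for dev, rows in sorted(by_device.items()):
        rows.sort(key=lambda r: r[0])
        for (t1, la1, lo1), (t2, la2, lo2) in zip(rows, rows[1:]):
            km = haversine_km(la1, lo1, la2, lo2)
            if km < min_km:
                continue
            hours = (t2 - t1).total_seconds() / 3600
            # Identical timestamps (the case in this question) give zero
            # elapsed time: treat as infinite speed, do not divide by zero.
            speed = float("inf") if hours == 0 else km / hours
            if speed > max_kmh:
                findings.append((dev, t1.isoformat(), t2.isoformat(), round(km)))
    return findings

if __name__ == "__main__":
    for f in impossible_travel(EVENTS):
        print("impossible travel:", f)
```

A finding only shows that the reported positions are inconsistent; whether the cause is a spoofed location, a cloned device identity or a reporting error is for the investigation to determine.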
Review the check-in times and location. There is no way someone can travel that distance. C
but.. what IF he used VPN? xD
Qatar vs Washington DC at the same time
Push events are generally sent from MDM administrators or systems. Impossible travel.
Two Timestamps at 0701 with two different locations
Based on the device event logs, the security concern and response action that would BEST address the risks posed by the device are: Security Concern: Malicious installation of an application. Response Action: Change the MDM configuration to remove application ID 1220. Therefore, the answer is option A.
Due to line 4, GPS spoofing could be in use, either by the newly installed app or before the app was installed.
Answer A