Exam CIPT All QuestionsBrowse all questions from this exam
Go to Exam
Question 54

SCENARIO -

Tom looked forward to starting his new position with a U.S `"based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company).

Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick from East

Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below.

Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East

Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.

Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.

Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.

When employees are working remotely, they usually connect to a Wi-Fi network. What should Harry advise for maintaining company security in this situation?

    Correct Answer: A

    Hiding the SSID, or wireless service set identifier, can be a simple security measure in wireless networks. When an SSID is hidden, the network name does not appear in the list of available networks, thus potentially deterring some unauthorized users from attempting access. However, hiding the SSID alone is not a robust security measure since sophisticated intruders can still detect and access hidden networks using the right tools. Therefore, while it might offer an additional layer of security, it should not be relied upon solely. It's important for remote workers to use multiple layers of security, such as strong passwords and encryption methods, ideally a stronger option would involve the use of WPA3 encryption or a Virtual Private Network (VPN) for secure access, but since these are not provided as apparent options, hiding the SSID could still be part of a comprehensive security strategy.

Discussion
ME79Option: D

If the employee is working remotely, they are typically not the administrator of the wireless network (unless it is their home network). Therefore hiding the SSID can not be an option. The most correct option would be to use a VPN, however that is not listed as an option. Therefore, choice D, using tokens implies MFA, which is something that a company can set up to validate the identity of an employee that is trying to connect.

Sharon2000Option: D

Not D, as it is HTTP and not HTTPS ?