CISSP Exam QuestionsBrowse all questions from this exam
Go to Exam

CISSP Exam - Question 383

Which of the following features is MOST effective in mitigating against theft of data on a corporate mobile device which has been stolen?

Show Answer
Correct Answer: D

The most effective feature in mitigating against theft of data on a corporate mobile device that has been stolen is whole device encryption with key escrow. Whole device encryption ensures that all data on the device is encrypted and inaccessible without the proper decryption key. This means that even if the device is stolen, the data remains protected, as it cannot be accessed without the decryption key. While remote wiping is useful, it relies on the device being connected to a network and may not be effective if the device is offline. Hence, whole device encryption offers a more robust and reliable method of data protection in the event of theft.

Discussion

15 comments
Sign in to comment
Humongous1593Option: D
Oct 13, 2022

If the device is encrypted then they can't get at the data. The other answers don't work because what if its turned off or no signal. Remote wipe won't work. Geolocate won't work. Even if you could locate it, then what? The police won't do anything.

Clay
Jan 12, 2023

I Choose A. What's purpose of stealing a mobile device for it to be offline.

Serliop378
May 29, 2023

Because in case of encryption, they will instead purge/format the drives to sell it on the market, so the first thing a thief does is to not activate any geolocating services, including going online

examprep900
Apr 7, 2023

We use MDM and added a policy to encrypt the devices. so, I can assume that D is covered in A already. Yes, we do face situations where the devices are offline and remote wipe doesn't work, but the devices are already encrypted. So, I will suggest option A.

jackdryan
May 14, 2023

A is correct

krasskoOption: A
Oct 17, 2022

But A includes D. You can enable encryption in Management Tool + lot more.

CoolwaterOption: D
Oct 27, 2022

A or D ? If mobile devices are stolen and the thieves open it in their Underground bunker, does it get internet connectivity to wipe the device using MDM? Is it an effective solution to protect? . Maybe you will come to know about this theft 1 week after the incident . Best ans-D

Hava_2013Option: A
Nov 16, 2022

A is the best option since D has a flaw. Key escrow along with the encryption not a good idea....

wedsoOption: A
Jan 7, 2023

Metigate = contain it doesnt meant prevent here, though MDM with remote wipe feature is the best for me

JamatiOption: D
Nov 13, 2022

From the Official Study Guide 9th edition - page 410 Some mobile devices, including portable computers, tablets, and mobile phones, may offer full-device encryption (FDE). Many mobile devices either are pre-encrypted or can be encrypted by the user/owner. Once a mobile device is encrypted, the user’s data is protected whenever the screen is locked, which causes the physical data port on the device to be disabled. This prevents unauthorized access to data on the device through a physical cable connection as long as the screen remains locked. Most if not all of the storage media of a device can be encrypted, this is usually a worthwhile feature to enable. However, encryption isn’t a guarantee of protection for data, especially if the device is stolen while unlocked or if the system itself has a known backdoor attack vulnerability. MDM is also at end of life and about to get deprecated to be replaced by UEM, which combines MDM and EMM (enterprise mobility management)

ikidreamz
Dec 22, 2022

I THINK A = widely used and looks promising. Some phones support, majority dont support FDE. also pg 410 ""However, encryption isn’t a guarantee of protection for data, especially if the device is stolen while unlocked or if the system itself has a known backdoor attack vulnerability"

babaseun
Apr 17, 2023

on a corporate mobile device, not user/owner.....MDM has full-device encryption. I will go for A as the answer

franbarproOption: A
Oct 27, 2022

This is def.... "A"

Dee83Option: D
Jan 28, 2023

D. Whole device encryption with key escrow

TommyZOption: A
Mar 23, 2023

Could've been stolen while he was talking on it so it was obviously unlocked. Many videos of people getting phones stolen while talking on them. Tough question. Gpt-3.5 and 4 say MDM

babaseunOption: A
Apr 16, 2023

From the Official Study Guide 9th edition - page 438 Personal electronic device security features can often be managed using a mobile device management (MDM) or unified endpoint management (UEM) solutions. These include device authentiation, full device encryption, communication protection, remote wiping, device lockout, screen locks, GPS and location service management, content management, application control, push notification management .........

nat0220Option: A
May 31, 2023

A is the answer

BoyBastosOption: A
Sep 9, 2023

A. Mobile Device Management (MDM) with device wipe Mobile Device Management (MDM) with the ability to remotely wipe the device is the most effective feature for mitigating against data theft on a corporate mobile device that has been stolen. When a device is stolen, it's critical to ensure that sensitive corporate data doesn't fall into the wrong hands. MDM allows administrators to remotely wipe all data from the stolen device, rendering it useless to the thief and protecting the data.

YesPleaseOption: A
Dec 23, 2023

Answer A) Mobile Device Management (MDM) with device wipe Keep in mind that all new phones should already have hardware encryption...so D is already covered. MDM solutions offer tons of features such as application level encryption, remote wipe and other policies to secure the phone.

gjimenezfOption: D
Feb 1, 2024

encryption is the best, in a remote wipe data can be recovered

CCNPWILLOption: A
Jun 2, 2024

Going with A. Also, similar questions like this with lost/stolen device with MDM... most practice tests I see put remote wiping as the correct answer.