Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

GIAC Exam GCCC Topic 1 Question 57 Discussion

Actual exam question for GIAC's GCCC exam
Question #: 57
Topic #: 1
[All GCCC Questions]

Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device's authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.

What was the failure that led to the information being lost?

Show Suggested Answer Hide Answer
Suggested Answer: A

by Miriam at Sep 14, 2024, 09:22 PM

Limited Time Offer

25%

Off

Get Premium GCCC Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Yvette
1 months ago
I bet the employee who lost the tablet was just trying to show off their new device to their friends. 'Look, I have all this sensitive data right here!' *facepalm*
upvoted 0 times
...
Alva
2 months ago
Wow, 6 months to fix a critical vulnerability? That smartphone manufacturer must be running on Jurassic Park time or something!
upvoted 0 times
Madalyn
4 days ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Amie
6 days ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Alyce
12 days ago
D) Management had not insured against the possibility of the information being lost
upvoted 0 times
...
Selene
13 days ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Cecily
22 days ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Olen
26 days ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
Dona
26 days ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Claudia
2 months ago
D? Really? I mean, insuring against lost data is a good idea, but it doesn't solve the root cause here. They needed to have a proper risk management process in place.
upvoted 0 times
Elvis
14 days ago
D) Management had not insured against the possibility of the information being lost
upvoted 0 times
...
Quentin
1 months ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Sherill
2 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Adell
2 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Ranee
2 months ago
I'm going with C. They should have done vulnerability scans to identify which devices were at risk and prioritize patching them. Letting the vulnerability linger for 4 months is just unacceptable.
upvoted 0 times
...
Jean
3 months ago
But shouldn't management have insured against the possibility of the information being lost? That could have prevented this situation too.
upvoted 0 times
...
Becky
3 months ago
I think A is the right answer here. The organization should have reviewed the risk after that vulnerability was announced and made a decision to accept or mitigate it. Relying on the manufacturer's timeline was a major oversight.
upvoted 0 times
Tricia
1 months ago
That's also a valid point, keeping devices updated is crucial for security
upvoted 0 times
...
Annice
1 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Erick
2 months ago
I agree, management should have reassessed the risk and taken action
upvoted 0 times
...
Bambi
2 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Elin
3 months ago
Come on, the answer is clearly B. The employees should have kept their devices updated, that's just basic security hygiene. I can't believe they let this happen!
upvoted 0 times
...
Claudia
3 months ago
I agree with Dalene. If they had updated their devices, maybe the vulnerability could have been fixed before the information was lost.
upvoted 0 times
...
Dalene
3 months ago
I think the failure was that employees failed to maintain their devices at the most current software version.
upvoted 0 times
...

Save Cancel