GIAC GCCC Exam - Topic 1 Question 57 Discussion

Actual exam question for GIAC's GCCC exam
Question #: 57
Topic #: 1

Executive management approved the storage of sensitive data on smartphones and tablets as long as they were encrypted. Later a vulnerability was announced at an information security conference that allowed attackers to bypass the device's authentication process, making the data accessible. The smartphone manufacturer said it would take six months for the vulnerability to be fixed and distributed through the cellular carriers. Four months after the vulnerability was announced, an employee lost his tablet and the sensitive information became public.

What was the failure that led to the information being lost?

Suggested Answer: A

Contribute your Thoughts:

Adell
3 months ago
Management should've insured against data loss, that's just basic!
upvoted 0 times
...
Jade
3 months ago
I think the employees should've kept their devices updated.
upvoted 0 times
...
Soledad
3 months ago
Wait, they were okay with storing sensitive data on phones? That's risky!
upvoted 0 times
...
Twanna
4 months ago
Totally agree, they should've done a risk review!
upvoted 0 times
...
Eura
4 months ago
Sounds like a classic case of poor risk management.
upvoted 0 times
...
Solange
4 months ago
Management's responsibility to insure against data loss seems relevant, so I wonder if option D could also be a factor in this scenario.
upvoted 0 times
...
Trevor
4 months ago
I practiced a question about vulnerability scans not being done, so option C sounds familiar, but I'm not convinced it applies here.
upvoted 0 times
...
Vanesa
4 months ago
I'm not entirely sure, but I feel like the employees should have updated their devices regularly, which makes option B a possibility.
upvoted 0 times
...
Arlie
5 months ago
I remember discussing the importance of risk acceptance reviews, so I think option A might be the right choice.
upvoted 0 times
...
Annamae
5 months ago
This is a good opportunity to apply my knowledge of risk management principles. I'll focus on identifying the breakdown in the risk assessment and mitigation process.
upvoted 0 times
...
Ressie
5 months ago
Hmm, I'm a bit confused by the details here. I'll need to re-read the question a few times to make sure I understand all the key points.
upvoted 0 times
...
Dong
5 months ago
This seems like a tricky question. I'll need to carefully consider the timeline of events and the risk management processes that were in place.
upvoted 0 times
...
Rodolfo
5 months ago
Okay, I think I've got a handle on this. The key is identifying the specific failure that led to the data breach. I'll methodically go through the answer choices and see which one best fits the scenario.
upvoted 0 times
...
Ashleigh
5 months ago
This seems like a straightforward question about factors that can impact the timing of business analysis activities. I'll need to think through the different possibilities and choose the best option.
upvoted 0 times
...
Yvette
9 months ago
I bet the employee who lost the tablet was just trying to show off their new device to their friends. 'Look, I have all this sensitive data right here!' *facepalm*
upvoted 0 times
...
Alva
9 months ago
Wow, 6 months to fix a critical vulnerability? That smartphone manufacturer must be running on Jurassic Park time or something!
upvoted 0 times
Madalyn
8 months ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Amie
8 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Alyce
8 months ago
D) Management had not insured against the possibility of the information being lost
upvoted 0 times
...
Selene
8 months ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Cecily
9 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Olen
9 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
Dona
9 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Claudia
10 months ago
D? Really? I mean, insuring against lost data is a good idea, but it doesn't solve the root cause here. They needed to have a proper risk management process in place.
upvoted 0 times
Elvis
8 months ago
D) Management had not insured against the possibility of the information being lost
upvoted 0 times
...
Quentin
9 months ago
C) Vulnerability scans were not done to identify the devices that were at risk
upvoted 0 times
...
Sherill
9 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Adell
9 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Ranee
10 months ago
I'm going with C. They should have done vulnerability scans to identify which devices were at risk and prioritize patching them. Letting the vulnerability linger for 4 months is just unacceptable.
upvoted 0 times
...
Jean
11 months ago
But shouldn't management have insured against the possibility of the information being lost? That could have prevented this situation too.
upvoted 0 times
...
Becky
11 months ago
I think A is the right answer here. The organization should have reviewed the risk after that vulnerability was announced and made a decision to accept or mitigate it. Relying on the manufacturer's timeline was a major oversight.
upvoted 0 times
Tricia
9 months ago
That's also a valid point, keeping devices updated is crucial for security
upvoted 0 times
...
Annice
9 months ago
B) The employees failed to maintain their devices at the most current software version
upvoted 0 times
...
Erick
10 months ago
I agree, management should have reassessed the risk and taken action
upvoted 0 times
...
Bambi
10 months ago
A) There was no risk acceptance review after the risk changed
upvoted 0 times
...
...
Elin
11 months ago
Come on, the answer is clearly B. The employees should have kept their devices updated, that's just basic security hygiene. I can't believe they let this happen!
upvoted 0 times
...
Claudia
11 months ago
I agree with Dalene. If they had updated their devices, maybe the vulnerability could have been fixed before the information was lost.
upvoted 0 times
...
Dalene
11 months ago
I think the failure was that employees failed to maintain their devices at the most current software version.
upvoted 0 times
...
