New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca Cybersecurity-Audit-Certificate Exam - Topic 1 Question 12 Discussion

Actual exam question for Isaca's Cybersecurity-Audit-Certificate exam
Question #: 12
Topic #: 1
[All Cybersecurity-Audit-Certificate Questions]

What should be an IS auditor's GREATEST concern when an organization's virtual private network (VPN) is implemented on employees' personal mobile devices?

Show Suggested Answer Hide Answer
Suggested Answer: B

When employees use personal mobile devices to access a VPN, the greatest concern for an IS auditor is the potential for sensitive data to be stored in an unsecured manner. If data is stored in plain text, it could be easily accessed by unauthorized parties if the device is lost, stolen, or compromised. This risk is heightened when the devices are not managed by the organization's IT department, which would typically enforce security policies such as encryption.


by Lilli at Mar 21, 2024, 04:48 AM

Limited Time Offer

25%

Off

Get Premium Cybersecurity-Audit-Certificate Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Genevive
3 months ago
What about network resource issues? That's a concern too!
upvoted 0 times
...
Noel
3 months ago
Totally agree, unauthorized access is a nightmare!
upvoted 0 times
...
Wendell
3 months ago
Wait, people actually store sensitive info in plain text?
upvoted 0 times
...
Kasandra
4 months ago
I think unauthorized devices are a bigger concern.
upvoted 0 times
...
Vicky
4 months ago
Users storing data in plain text is a huge risk!
upvoted 0 times
...
Mozelle
4 months ago
I vaguely recall that resource-intensive services could slow down the VPN, but I’m not sure if that’s the biggest risk compared to unauthorized access.
upvoted 0 times
...
Lawrence
4 months ago
I practiced a similar question where data security was emphasized, so I feel like option B is definitely something to consider.
upvoted 0 times
...
Felicitas
4 months ago
I’m not entirely sure, but I think unauthorized devices accessing the network could lead to major security issues, which makes option C a contender.
upvoted 0 times
...
Man
5 months ago
I remember we discussed the risks of data being stored on personal devices, so option B seems like a strong concern.
upvoted 0 times
...
Glory
5 months ago
Accessing unsupported services over the VPN could be a major problem. I'll make sure to consider that possibility in my answer.
upvoted 0 times
...
Mozelle
5 months ago
Hmm, I'm not sure about this one. I'll need to think through the potential risks of using personal devices for the VPN.
upvoted 0 times
...
Ramonita
5 months ago
This question seems straightforward. I'll focus on the key concern of unauthorized device access to the corporate network.
upvoted 0 times
...
Rosalyn
5 months ago
The biggest issue I see is data security - users storing sensitive data in plain text on their personal devices. I'll make sure to highlight that.
upvoted 0 times
...
Susy
5 months ago
I'm pretty sure this is under Initial Access, since exploiting public-facing applications is a common way for attackers to gain initial access to a system.
upvoted 0 times
...
Ciara
5 months ago
Okay, let's see. Datastore could work, but I'm not sure if it can handle the complex analytics requirement. BigQuery might be a better fit for that.
upvoted 0 times
...
Salina
5 months ago
Hmm, I'm not sure a sign-in sheet is the best solution. With a lot of non-employees, that could get messy and unreliable. Maybe using smart cards or biometric access would be a cleaner way to monitor who is in the building.
upvoted 0 times
...
Viva
5 months ago
I think the file we're looking for is the Bill of Materials, but I'm not completely sure. There were so many terms to remember!
upvoted 0 times
...
Mignon
2 years ago
Users accessing services not supported by the VPN could also pose a threat. It could bypass security measures in place.
upvoted 0 times
...
Kimberely
2 years ago
That's true, Virgie. It could lead to data breaches if the devices are lost or stolen.
upvoted 0 times
...
Virgie
2 years ago
But what about users storing data in plain text on their mobile devices? Wouldn't that be a big concern too?
upvoted 0 times
...
Mignon
2 years ago
I agree with Kimberely. That would definitely be a major security risk.
upvoted 0 times
...
Kimberely
2 years ago
I think an IS auditor's biggest concern should be users accessing the corporate network from unauthorized devices.
upvoted 0 times
...

Save Cancel