312-50V12 Question #253: Real Exam Question with Answer & Explanation

Question

As a cybersecurity analyst for SecureNet, you are performing a security assessment of a new mobile payment application. One of your primary concerns is the secure storage of customer data on the device. The application stores sensitive information such as credit card details and personal identification numbers (PINs) on the device. Which of the following measures would best ensure the security of this data?

Options

• AEnable GPS tracking for all devices using the app.
• BRegularly update the app to the latest version.
• CEncrypt all sensitive data stored on the device.
• DImplement biometric authentication for app access.

Explanation

Encrypting all sensitive data stored on the device is the best measure to protect customer credit card details and PINs, ensuring their security even if the device is compromised.

Common mistakes.

• A. Enabling GPS tracking for devices helps with device location and recovery, but it does not secure the sensitive data stored on the device itself from unauthorized access.
• B. Regularly updating the app is a good practice for patching vulnerabilities and improving overall security, but it does not inherently guarantee that sensitive data stored on the device is encrypted.
• D. Implementing biometric authentication secures access to the application, but it does not protect the sensitive data stored on the device if the device's storage is accessed directly or by an attacker bypassing app authentication.

Concept tested. Data at rest encryption for mobile devices

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-atrest

No community discussion yet for this question.