Cisco


350-201(NEW-127Q) Question #80: Real Exam Question with Answer & Explanation

The correct answer is C. Tracked data might be sent unencrypted.

Threat Analysis and Risk Management

Question

A medical center managing board decides to use activity trackers to evaluate patients more accurately by recording their heart rate and accelerometer data simultaneously. Trackers were ordered from an organization that specialized in healthcare device production. The trackers support data transfer for 3G, 4G, 5G, and 802.11(a/b/g/n) technologies. Why does the CISO consider activity trackers a threat?

Options

  • A. Trackers have no software update policy.
  • B. Trackers are missing support for 802.11i-2007 and 802.11i-2012.
  • C. Tracked data might be sent unencrypted.
  • D. The patient heart rate should not be recorded.

Explanation

Option C is correct because the scenario lists the trackers' supported transmission technologies (3G, 4G, 5G, 802.11 a/b/g/n) but makes no mention of encryption standards - meaning sensitive Protected Health Information (PHI) such as heart rate data could traverse networks in plaintext, violating HIPAA and exposing patients to data interception.

Why the distractors are wrong:

  • A (no update policy): Not evidenced by the scenario - the device spec sheet lists connectivity, not lifecycle policies, so this is speculation beyond the given facts.
  • B (missing 802.11i-2007/2012): The dates are fabricated - 802.11i was ratified in 2004. While the absence of 802.11i is related to the lack of WPA2 Wi-Fi encryption, the specific claim is factually wrong, making C the more accurate and complete answer.
  • D (heart rate shouldn't be recorded): Heart rate monitoring is a core, legitimate medical function - this is simply incorrect.

Memory tip: A CISO thinks CIA triad - and the first letter, Confidentiality, is always the primary concern when PHI crosses a network. Whenever a device spec lists how data travels but not how it's protected, flag it as an unencrypted transmission risk.

Topics

#Data Encryption in Transit · #Healthcare Data Privacy · #Wireless Device Security · #Medical Device Threats
