CDPSE · Question #174
An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data leakage?
The correct answer is A. Download of data to the mobile devices is disabled.. Disabling local downloads directly addresses data leakage at the source by preventing personal HR data from leaving the controlled cloud environment and residing on endpoint devices that may be lost, stolen, or shared. This is a direct, targeted data loss prevention (DLP) control
Question
An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data leakage?
Options
- ADownload of data to the mobile devices is disabled.
- BSingle sign-on is enabled for the mobile application.
- CData stored in the cloud-based solution is encrypted.
- DSeparate credentials are used for the mobile application.
How the community answered
(32 responses)- A91% (29)
- C3% (1)
- D6% (2)
Explanation
Disabling local downloads directly addresses data leakage at the source by preventing personal HR data from leaving the controlled cloud environment and residing on endpoint devices that may be lost, stolen, or shared. This is a direct, targeted data loss prevention (DLP) control. Single sign-on (B) improves authentication convenience and reduces credential sprawl but does not prevent data from being downloaded. Encrypting data at rest in the cloud (C) protects stored data but does not prevent authorized users from downloading and then leaking it. Separate credentials (D) are an access control measure, not a leakage prevention control.
Topics
Community Discussion
No community discussion yet for this question.