Isaca
CISM · Question #39
CISM Question #39: Real Exam Question with Answer & Explanation
The correct answer is A: Wipe the device remotely. Remotely wiping a stolen mobile device is the most effective action to immediately minimize the risk of sensitive corporate data exposure.
Submitted by andres_qro · Apr 18, 2026 · Information Security Incident Management
Question
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
Options
- A. Wipe the device remotely
- B. Remove user's access to corporate data
- C. Prevent the user from using personal mobile devices
- D. Report the incident to the police
Explanation
Remotely wiping a stolen mobile device is the most effective action to immediately minimize the risk of sensitive corporate data exposure.
Common mistakes.
- B. Removing user access to corporate data prevents future access but does not protect the data already stored on the stolen device.
- C. Preventing personal mobile device use is a policy decision for the future, not an immediate action to mitigate data exposure from a currently stolen device.
- D. Reporting the incident to the police is a necessary legal and procedural step, but it does not directly mitigate the risk of data exposure from the device itself.
Concept tested. Mobile device incident response
Reference. https://learn.microsoft.com/en-us/mem/intune/remote-actions/device-erase
Topics
#Mobile Device Security #Incident Response #Data Loss Prevention #Remote Wipe