nerdexam
(ISC)2

CISSP · Question #1210

A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Servic

The correct answer is B. Vulnerability. A game requesting excessive permissions (call logs, SMS, GPS) on a corporate device is a classic indicator of potentially malicious or overly intrusive software, introducing a security vulnerability to the device and organization.

Submitted by hans_de· Mar 5, 2026Asset Security

Question

A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Service (SMS) messaging, and Global Positioning System (GPS) location data. What has the game MOST likely introduced to the smartphone?

Options

  • AAlerting
  • BVulnerability
  • CGeo-fencing
  • DMonitoring

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    85% (23)
  • C
    7% (2)
  • D
    4% (1)

Why each option

A game requesting excessive permissions (call logs, SMS, GPS) on a corporate device is a classic indicator of potentially malicious or overly intrusive software, introducing a security vulnerability to the device and organization.

AAlerting

Alerting refers to a security notification or warning mechanism triggered by a monitoring system, not a condition introduced by installing an application with excessive permissions.

BVulnerabilityCorrect

By requesting broad permissions such as access to call logs, SMS, and GPS data, the game has introduced a vulnerability - specifically a privacy and data-exposure risk - to the smartphone. Malicious or poorly designed apps that harvest sensitive data can expose organizational information, making this an attack surface or security weakness that could be exploited by threat actors.

CGeo-fencing

Geo-fencing is a legitimate feature that defines virtual geographic boundaries to trigger actions, and while the app requests GPS access, the scenario describes a security risk from excessive permissions rather than the implementation of a geo-fencing feature.

DMonitoring

Monitoring refers to the ongoing observation of systems or user activity for security or performance purposes; while the app could enable unauthorized monitoring, the term itself describes a practice or tool, not the security risk introduced by the app's permissions.

Concept tested: Mobile application excessive permissions and security vulnerabilities

Source: https://www.cisa.gov/sites/default/files/publications/cybersecurity-best-practices-for-mobile-devices_508.pdf

Topics

#Mobile security#Excessive permissions#Smartphone vulnerability#Application security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice