CISSP · Question #1210
A software developer installs a game on their organization-provided smartphone. Upon installing the game, the software developer is prompted to allow the game access to call logs, Short Message Servic
The correct answer is B. Vulnerability. A game requesting excessive permissions (call logs, SMS, GPS) on a corporate device is a classic indicator of potentially malicious or overly intrusive software, introducing a security vulnerability to the device and organization.
Question
Options
- AAlerting
- BVulnerability
- CGeo-fencing
- DMonitoring
How the community answered
(27 responses)- A4% (1)
- B85% (23)
- C7% (2)
- D4% (1)
Why each option
A game requesting excessive permissions (call logs, SMS, GPS) on a corporate device is a classic indicator of potentially malicious or overly intrusive software, introducing a security vulnerability to the device and organization.
Alerting refers to a security notification or warning mechanism triggered by a monitoring system, not a condition introduced by installing an application with excessive permissions.
By requesting broad permissions such as access to call logs, SMS, and GPS data, the game has introduced a vulnerability - specifically a privacy and data-exposure risk - to the smartphone. Malicious or poorly designed apps that harvest sensitive data can expose organizational information, making this an attack surface or security weakness that could be exploited by threat actors.
Geo-fencing is a legitimate feature that defines virtual geographic boundaries to trigger actions, and while the app requests GPS access, the scenario describes a security risk from excessive permissions rather than the implementation of a geo-fencing feature.
Monitoring refers to the ongoing observation of systems or user activity for security or performance purposes; while the app could enable unauthorized monitoring, the term itself describes a practice or tool, not the security risk introduced by the app's permissions.
Concept tested: Mobile application excessive permissions and security vulnerabilities
Source: https://www.cisa.gov/sites/default/files/publications/cybersecurity-best-practices-for-mobile-devices_508.pdf
Topics
Community Discussion
No community discussion yet for this question.