nerdexam
(ISC)2

CISSP · Question #611

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

The correct answer is D. End-user devices. Defense-in-depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. A mobile workforce is a group of employees or users who work remotely or outside the organization's physical pr

Submitted by luis.pe· Mar 5, 2026Security Architecture and Engineering

Question

A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?

Options

  • ANetwork perimeters
  • BDemilitarized Zones (DM2)
  • CDatabases and back-end servers
  • DEnd-user devices

How the community answered

(30 responses)
  • A
    7% (2)
  • B
    3% (1)
  • C
    13% (4)
  • D
    77% (23)

Explanation

Defense-in-depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. A mobile workforce is a group of employees or users who work remotely or outside the organization's physical premises, using mobile devices such as laptops, tablets, or smartphones. A security professional should consider the protection of the end-user devices first when developing a defense-in-depth strategy for a mobile workforce, as these devices are the most vulnerable and exposed to various threats, such as theft, loss, malware, phishing, or unauthorized access. The end-user devices should be protected by security controls and mechanisms such as encryption, authentication, authorization, antivirus, firewall, VPN, device management, backup, and recovery. Network perimeters, demilitarized zones, and databases and back-end servers are also important elements to protect in a defense-in-depth strategy, but they are not the first priority for a mobile workforce, as they are more related to the organization's internal network and infrastructure.

Topics

#defense in depth#mobile security#endpoint security#asset protection

Community Discussion

No community discussion yet for this question.

Full CISSP Practice