CISSP · Question #611
A security professional should consider the protection of which of the following elements FIRST when developing a defense-in-depth strategy for a mobile workforce?
The correct answer is D. End-user devices. Defense-in-depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. A mobile workforce is a group of employees or users who work remotely or outside the organization's physical pr
Question
Options
- ANetwork perimeters
- BDemilitarized Zones (DM2)
- CDatabases and back-end servers
- DEnd-user devices
How the community answered
(30 responses)- A7% (2)
- B3% (1)
- C13% (4)
- D77% (23)
Explanation
Defense-in-depth is a security strategy that employs multiple layers of security controls and mechanisms to protect the system or network from various types of attacks. A mobile workforce is a group of employees or users who work remotely or outside the organization's physical premises, using mobile devices such as laptops, tablets, or smartphones. A security professional should consider the protection of the end-user devices first when developing a defense-in-depth strategy for a mobile workforce, as these devices are the most vulnerable and exposed to various threats, such as theft, loss, malware, phishing, or unauthorized access. The end-user devices should be protected by security controls and mechanisms such as encryption, authentication, authorization, antivirus, firewall, VPN, device management, backup, and recovery. Network perimeters, demilitarized zones, and databases and back-end servers are also important elements to protect in a defense-in-depth strategy, but they are not the first priority for a mobile workforce, as they are more related to the organization's internal network and infrastructure.
Topics
Community Discussion
No community discussion yet for this question.