Exam CAS-004 topic 1 question 252 discussion

While full disk encryption protects data at rest, it assumes that encryption keys remain secure. If the device is stolen, an adversary may attempt to extract the keys or exploit vulnerabilities. Additionally, this does not allow for the removal of data if the devices are never recovered.

A. Mobile device management with remote wipe capabilities. Why this is the best option: Mobile device management (MDM) with remote wipe allows the security team to remotely erase all data on the employee’s devices, including the laptop and mobile devices, as soon as the theft is reported. This ensures that no sensitive or proprietary data can be accessed, modified, or leaked from the stolen devices. Remote wipe capabilities ensure that even if the devices are offline, the data will be deleted once they connect to the internet. NOT D. Full disk encryption with centralized key management: Full disk encryption (FDE) would make it much more difficult for attackers to access the data without the decryption key. However, encryption alone doesn't completely guarantee that data won't be compromised if the attacker has access to the devices long enough to perform brute-force attacks or other methods. Centralized key management is helpful, but it doesn't directly allow for the remote deletion of data on the device, which is what the situation requires.

ANS is CAPITAL A. Please people read the question very well. The question is talking about the data not being compromised while away. A very simple answer to this question is MDM(Mobile Device Management) and remote wipe capabilities

Full Disk Encryption (FDE): FDE ensures that all data on the device is encrypted, making it inaccessible to unauthorized users even if the device is stolen. This means that the data remains confidential and cannot be compromised or altered without proper decryption keys. Centralized Key Management: Centralized key management allows the organization to control and manage encryption keys securely. It ensures that even if the device is stolen, the keys required to decrypt the data are not on the device and can be revoked or rotated as necessary. This further ensures the integrity and confidentiality of the data.

I thought A but I have been convinced that it's D. The "or changed" in "no data is compromised or changed" is doing a lot of work on this question.

A would be correct but the question and scenario mentions a laptop. So D is the next best choice

I would agree with D. If you don't have an encrypted disk then somebody could just remote the drive from the laptop, connect it to another system and read all the data. Drive encryption needs to be the first priority.

Going to go with D. The wording "ensure no electronic data is compromised or changed" seems to rule out remote wipe.

D okay to me