Exam CISSP topic 1 question 225 discussion

The answer is D because of the last object in the sentence -> external storage devices.

“A” is probably applicable at the point of getting through customs without issues. But downloading sensitive data via VPN when arriving at the destination, without protecting the data at rest while in a high-risk country is unacceptable. D is the best answer

It is D, because of "for protecting data ON computers, smartphones, and external storage devices" It can't be A: How should a VPN protect your local stored data?! It does not make any sense. It is D: Only D takes care of local stored data and how to protect them.

C.... to not get robbed! unfortunately, not a good answer for the CISSP exam but a good answer in real life. through this question out. Best answer then would be D. D offers the most COMPREHENSIVE security strategy for this specific scenario.

Many people answer D, but D is focused on general security principles without considering the aspect of traveling to sensitive countries ! One important aspect is the local laws indeed. When you pass through the customs of some countries, you can be asked to show an unlocked computer/device, USA for instance can force you to disclose your Social Network data.

Cant be A, what does local law have anything to do with securing devices? At most is embargo law that you cant import certain crtypography capablities but those are not local laws. Also how does using TLS to download sensitive data be helpful when the sensitive data are in your devices and there is no mention of securing the devices to protect the newly downloaded sensitive data.

Option A combines legal awareness, proactive measures to clean devices, and secure data transfer practices, making it a comprehensive approach to safeguarding data when traveling to high-risk countries.

Answer A) https://www.colorado.edu/researchinnovation/compliance/export-controls/international-travel/High-Risk-Country-Guidance

D provides the best ways to protect DaR on devices. This is also used in CSfC models/frameworks.

Think like a manager. It's also limiting access to data.

Using multi-factor authentication (MFA) to gain access to data stored on laptops or external storage devices can be a good security measure, but it does not provide complete protection for data when traveling to high-risk countries. MFA only protects against unauthorized access to the device, but it does not protect against data theft or data compromise. If a device is lost or stolen, the data stored on it can still be accessed and compromised, even with MFA in place. Therefore, additional measures, such as using a VPN to download data and forensically cleaning devices before travel, should also be employed to fully protect sensitive data when traveling to high-risk countries.

When traveling to high-risk countries, option A is the BEST means for protecting data on computers, smartphones, and external storage devices.

The Customs of most countries (not necessarily high-risk) have the authorities to confiscate or request to unlock the electronic devices bring into their countries when in doubt of National Security. Failed to comply might result in jail or get killed (in high-risk countries).

"BEST means for protecting data ON computers" - not in transit/while downloading.

According to this article it's "A"

The best means for protecting data on computers, smartphones, and external storage devices when traveling to high-risk countries is to review applicable destination country laws, forensically clean devices prior to travel, and only download sensitive data over a virtual private network (VPN) upon arriving at the destination (Option A). This approach combines multiple security measures to protect data from potential risks, such as legal issues, data theft, and unauthorized access. Reviewing destination country laws helps to ensure compliance with local regulations, and forensically cleaning devices before travel helps to remove any sensitive data that could potentially be accessed by unauthorized parties. Using a VPN to download sensitive data upon arrival at the destination helps to secure the data in transit and prevent any potential interception or tampering. Option D, using MFA and biometric access control mechanisms, can help to improve the security of devices and data, but it does not address the legal issues or data theft risks.

D is a little more specific for mobile equipments.