CompTIA CASP+ Practice Test

When a CEO requires access to data on a mobile device, what approach should be taken for security?

• A. Data encryption on the device only
• B. Mitigate and Transfer the risk
• C. Disallow any external connections
• D. Implement biometric access controls

The correct answer is: Mitigate and Transfer the risk

In this scenario, the primary goal is to ensure that the CEO can access necessary data on a mobile device while minimizing the security risks associated with that access. Adopting a risk management strategy such as mitigating and transferring risk is appropriate. Mitigating risk involves taking steps to reduce the potential impact or likelihood of threats. This can include using robust security measures such as security patches, firewalls, and antivirus software, which can strengthen the overall security posture. On the other hand, transferring risk refers to moving the risk exposure to another party, often through insurance or outsourcing certain functions to trusted third-party service providers. This dual approach allows organizations to balance the need for access to data with the protection necessary to manage threats effectively. The other options may address security aspects but do not encompass a comprehensive approach to managing the risks involved in mobile access to sensitive data. For instance, while data encryption on the device is important for protecting data at rest, if other controls are not in place, it might not be sufficient alone. Similarly, disallowing any external connections may hinder productivity and accessibility, which is often critical in a mobile context, especially for someone in a leadership position. Implementing biometric access controls can enhance security for device access but does not address the broader