An organization, which handles large volumes of PII, allows mobile devices that can process, store, and transmit PII and other sensitive data to be issued to employees. Security assessors can demonstrate recovery and decryption of remnant sensitive data from device storage after MDM issues a successful wipe command. Assuming availability of the controls, which of the following would BEST protect against the loss of sensitive data in the future?
A. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space.
B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe.
C. Issue devices that employ a stronger algorithm for the authentication of sensitive data stored on them.
D. Procure devices that remove the bootloader binaries upon receipt of an MDM-issued remote wipe command.

3 thoughts on this question:

  1. Not sure, but think the answer could be B… use eFuse

    Background: when we delete things in a computer, we only delete the pointers. Think of it like someone wants to discover all the phone numbers of my town. He has access to my house and phone book. I burn the phone book, thinking that he won’t be able to discover all the phone numbers of my town. The actual phones still exist in every house. He could walk to every house to find out the numbers. To a human this seems a ridiculous effort, but to a computer it only takes a millisecond to query the next house, next house. So, it is an absurd idea to burn the phone book. Yet that’s what we do when we delete things in our computer. We just delete the pointer to the data. The data is not erased until it’s overwritten. Have you ever wondered why it takes hours to download a movie and only takes a millisecond to delete the movie file? Yes, you got it. It just deleted the pointer to the movie. The movie is still on your hard drive. Wouldn’t you say the same should apply to remote wiping? To delete data takes enormous effort and time. The simplest and fastest way to render data useless is to have your data encrypted and delete the key?

    1. Still believe the answer should be B… eFuse.
      A. Implement a container that wraps PII data and stores keying material directly in the container’s encrypted application space. (This is a long answer, so we should show some respect in breaking it down.)
      1) Wrap PII data – How can you tell what is PII and what is not? I don’t know, but assuming anything with a birthday is PII. Well then, a 10 GB movie titled happy birthday 01.01.01 is PII. When we have to delete it, it will take enormous time and battery power.
      2) Store key in encrypted container… what the hack? You mean: put your gold in the treasure chest, yeah, put the key in there too and lock it. Ahh… how are you going to open this treasure chest again?
      B. Use encryption keys for sensitive data stored in an eFuse-backed memory space that is blown during remote wipe. (Maybe this is a better answer. Encrypt whatever. Put the key in eFuse. When you issue a remote wipe, blow the eFuse. The key to recover the data is gone and you have effectively rendered the data useless.)
      C. stronger…authentication. (No, this will not help in this scenario)
      D. remove the bootloader. (No, no need for the device to boot up. Just extract the hard drive or flash drive and extract the data.)

      Not sure, but like answer B more.

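The wipe-then-recover scenario from the question and the encrypt-and-delete-the-key idea in the comment above, as an added simulation that is not part of the original page or its comments. `Device` and `EFuseKeySlot` are hypothetical models, the SHA-256 keystream is a toy stand-in for the device's real cipher, and the sample record is constructed.

```python
import hashlib, os
SAMPLE = b"name=Jane Doe;dob=1990-01-01"  # constructed sample record

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy SHA-256 counter keystream; stand-in for the device's real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class EFuseKeySlot:  # hypothetical model: blowing the fuses is irreversible
    def __init__(self, key: bytes):
        self._key = key
    def read(self) -> bytes:
        if self._key is None:
            raise PermissionError("key fuses blown")
        return self._key
    def blow(self) -> None:
        self._key = None

class Device:  # hypothetical model of a managed handset
    def __init__(self, key_in_fuse: bool):
        key = os.urandom(32)
        self.fuse = EFuseKeySlot(key) if key_in_fuse else None
        self.flash = {} if key_in_fuse else {"keyblob": key}  # no fuse: key sits beside the data
        self.file_table = {}  # the "pointers" to stored blocks
    def key(self) -> bytes:
        return self.fuse.read() if self.fuse else self.flash["keyblob"]
    def store(self, name: str, plaintext: bytes) -> None:
        self.flash["blk:" + name] = keystream_xor(self.key(), plaintext)
        self.file_table[name] = "blk:" + name
    def remote_wipe(self) -> None:
        self.file_table.clear()  # fast wipe: pointers go, raw blocks remain
        if self.fuse:
            self.fuse.blow()

def assessor_recover(dev: Device) -> list:
    """Image raw flash after the wipe; decrypt remnants with any surviving key."""
    try:
        key = dev.key()
    except PermissionError:
        return []  # ciphertext remnants exist, but the key is gone
    return [keystream_xor(key, ct) for n, ct in dev.flash.items() if n.startswith("blk:")]

def wipe_and_recover(key_in_fuse: bool) -> list:
    dev = Device(key_in_fuse)
    dev.store("hr.db", SAMPLE)
    dev.remote_wipe()
    return assessor_recover(dev)
```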
