CompTIA CASP+ (CAS-003) — Question 55

A security consultant is improving the physical security of a sensitive site and takes pictures of the unbranded building to include in the report. Two weeks later, the security consultant misplaces the phone, which only has one hour of charge left on it. The person who finds the phone removes the MicroSD card in an attempt to discover the owner to return it.
The person extracts the following data from the phone and EXIF data from some files:

DCIM Images folder -

Audio books folder -

Torrentz -

My TAX.xls -

Consultancy HR Manual.doc -

Camera: SM-G950F -

Exposure time: 1/60s -

Location: 3500 Lacey Road USA -
Which of the following BEST describes the security problem?

Answer options

• A. MicroSD in not encrypted and also contains personal data.
• B. MicroSD contains a mixture of personal and work data.
• C. MicroSD in not encrypted and contains geotagging information.
• D. MicroSD contains pirated software and is not encrypted.

Correct answer: C

Explanation

The correct answer is C because the MicroSD card is not encrypted and contains geotagging information that reveals the location of the images, posing a privacy risk. Option A is incorrect as it focuses on personal data, while B emphasizes the mix of data without highlighting the geotagging issue. Option D is wrong as it discusses pirated software, which is not the main concern in this scenario.