ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
A development team is adding real-time location tracking to a new fitness app that periodically uploads GPS coordinates to the provider's cloud for route analytics and social sharing. To reduce the privacy risk to users while still meeting the functional requirement to show routes on a map, which architectural control provides the most effective mitigation?
Encrypt each GPS coordinate in transit using TLS 1.3 to prevent eavesdropping between the device and cloud.
Prompt users for explicit consent every time the app is opened before activating the GPS sensor and uploading data.
Define user-configured 'privacy zones' that omit location collection when the device is within a designated radius of home or work.
Aggregate GPS samples locally and upload only a down-sampled path with reduced spatial precision (e.g., street-level segments instead of exact coordinates).
Aggregating a user's path on the mobile device and uploading it only after converting precise GPS points into a coarse, less granular representation mitigates several privacy risks inherent in location-based services. It minimizes the amount of precise personal data that ever leaves the device, reducing exposure if cloud storage is breached and limiting the ability of insiders or third parties to infer sensitive details such as a user's home or workplace. Encrypting transmitted data is necessary for confidentiality in transit, but it does not lessen the provider's knowledge of exact whereabouts. Displaying 'privacy zones' still transmits accurate coordinates outside the zone and does not address linkage attacks on stored data. Requiring persistent user consent is good practice but, alone, does not technically limit the sensitivity of data collected or stored. Therefore, implementing client-side aggregation with spatial resolution reduction best aligns with the data minimization principle and offers the strongest privacy protection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is data aggregation beneficial for privacy in location-based services?
Open an interactive chat with Bash
What is spatial precision and how does reducing it protect user privacy?
Open an interactive chat with Bash
What are linkage attacks and how does client-side aggregation mitigate them?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Architecture and Design
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .