Isaca Exam Cybersecurity-Audit-Certificate Topic 3 Question 38 Discussion

Replicating privileged access to a user's own mobile device presents the greatest risk to corporate data. This is because it potentially allows unauthorized access to sensitive information if the device is lost, stolen, or compromised. Privileged access means having elevated permissions that are typically reserved for administrators. When such access is available on a personal device, it bypasses many of the security controls that a company would normally have in place.

Option A, remote wipe, is actually a security feature that can protect data if a device is lost or stolen. Option B, lack of training, can increase risk but does not directly expose data like privileged access does. Option C, devices not obtained through corporate provisioning, can be a risk, but this risk is generally less than that of replicating privileged access.