Securing Corporate-owned Mobility Infrastructure: Meeting Web Browsing Monitoring Requirements

How to Meet Web Browsing Monitoring Requirements for Corporate-owned Mobility Infrastructure

Q: An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored.Which of the following would allow the organization to meet its requirement? (Choose two.)

Configure the devices to use an always-on IPSec VPNRestrict application permissions to establish only HTTPS connections outside of the enterprise boundary.

Prev Question Next Question

Question

An engineer maintains a corporate-owned mobility infrastructure, and the organization requires that all web browsing using corporate-owned resources be monitored.

Which of the following would allow the organization to meet its requirement? (Choose two.)

Answers

A. Exempt mobile devices from the requirement, as this will lead to privacy violations

B. Configure the devices to use an always-on IPSec VPN

C. Configure all management traffic to be tunneled into the enterprise via TLS

D. Implement a VDI solution and deploy supporting client apps to devices

E. Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E.

BE.

The organization requires monitoring of all web browsing using corporate-owned resources. This means that any web traffic originating from corporate-owned mobile devices should be monitored, including traffic that is initiated from applications running on these devices.

To meet this requirement, the engineer could take the following steps:

Configure devices to use an always-on IPSec VPN: By configuring mobile devices to use an always-on IPSec VPN, all web traffic originating from these devices will be encrypted and tunneled through the enterprise network. This will enable the organization to monitor all traffic passing through the VPN, including web browsing traffic, without violating user privacy.
Restrict application permissions to establish only HTTPS connections outside of the enterprise boundary: This approach involves configuring mobile devices to allow only HTTPS connections outside the enterprise boundary. This means that any web traffic originating from corporate-owned mobile devices will be encrypted, and it will be possible for the organization to monitor the HTTPS traffic passing through the enterprise boundary.

Options A, C, and D are not viable solutions for meeting the organization's requirements for monitoring web browsing traffic. Exempting mobile devices from the monitoring requirement would not meet the organization's security and compliance objectives. Tunnelling management traffic via TLS is focused on securing the communication between devices and servers and does not cover web browsing traffic. Deploying a VDI solution may help restrict user access to corporate resources, but it will not help in monitoring web browsing traffic from corporate-owned devices.

Therefore, the two solutions that would enable the organization to meet its requirement for monitoring web browsing traffic from corporate-owned devices are configuring devices to use an always-on IPSec VPN and restricting application permissions to establish only HTTPS connections outside the enterprise boundary.

Prev Question Next Question