CASP+ Exam: Configuring MDM Settings for Application Installation

Configuring MDM Settings for Application Installation

Question

A security analyst is reviewing the corporate MDM settings and notices some disabled settings, which consequently permit users to download programs from untrusted developers and manually install them.

After some conversations, it is confirmed that these settings were disabled to support the internal development of mobile applications.

The security analyst is now recommending that developers and testers have a separate device profile allowing this, and that the rest of the organization's users do not have the ability to manually download and install untrusted applications.

Which of the following settings should be toggled to achieve the goal? (Choose two.)

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D. E. F.

EF.

The goal is to allow developers and testers to manually download and install untrusted mobile applications while preventing the rest of the organization's users from doing so. Two settings that could be toggled to achieve this goal are:

  1. Side loading: This refers to the ability to manually install applications on a device without going through an app store or official channel. By disabling side loading for all users except developers and testers, the organization can prevent unauthorized apps from being installed by most users.

  2. Containerization: This is a technique where apps are isolated in a separate "container" on a device, which restricts their access to other apps and data on the device. By using containerization, the organization can create a separate device profile for developers and testers that allows them to download and install untrusted apps, but keeps those apps separate from the rest of the organization's data and apps.

The other options may not directly address the issue at hand:

  • OTA updates (Over-The-Air updates) refers to updates sent directly to the device from the service provider or vendor. While important for device security and functionality, OTA updates don't specifically address the issue of untrusted app installations.

  • Remote wiping refers to the ability to remotely erase data from a device. While useful in case of a lost or stolen device, remote wiping doesn't address the issue of untrusted app installations.

  • Sandboxing refers to the technique of isolating an app from other apps and system resources. While similar to containerization, sandboxing alone may not be enough to prevent untrusted apps from being installed.

  • Signed applications refer to apps that have been digitally signed by the developer, indicating that the app is genuine and has not been tampered with. While important for app security, signed applications don't directly address the issue of untrusted app installations.

Therefore, the recommended settings to toggle are Side loading and Containerization.