Controls for Mobile Device Security Compliance
Question
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.
The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met: -> Mobile device OSs must be patched up to the latest release.
-> A screen lock must be enabled (passcode or biometric)
-> Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)
A.
Containerization B.
Storage segmentation C.
Posturing D.
Remote wipe E.
Full-device encryption F.
Geofencing.
CD.
Explanations
A security engineer needs to implement an MDM solution that complies with the corporate mobile device policy.
The policy states that in order for mobile users to access corporate resources on their devices, the following requirements must be met: -> Mobile device OSs must be patched up to the latest release.
-> A screen lock must be enabled (passcode or biometric)
-> Corporate data must be removed if the device is reported lost or stolen.
Which of the following controls should the security engineer configure? (Choose two.)
A.
Containerization
B.
Storage segmentation
C.
Posturing
D.
Remote wipe
E.
Full-device encryption
F.
Geofencing.
CD.
The security engineer needs to implement an MDM (Mobile Device Management) solution that complies with the corporate mobile device policy. The policy has three requirements that must be met before mobile users can access corporate resources on their devices:
- Mobile device OSs must be patched up to the latest release.
- A screen lock must be enabled (passcode or biometric).
- Corporate data must be removed if the device is reported lost or stolen.
To comply with these requirements, the security engineer should configure the following controls:
Full-device encryption: This control ensures that all data on the device is encrypted, so even if the device is lost or stolen, the data cannot be accessed without the encryption key. Full-device encryption also helps to prevent unauthorized access to data in case the device falls into the wrong hands.
Remote wipe: This control allows the security team to remotely wipe corporate data from the device if it is reported lost or stolen. This ensures that sensitive information does not fall into the wrong hands.
Other controls that are not relevant to this scenario:
A. Containerization: This control creates a separate, encrypted container on the device to store corporate data, but it does not necessarily ensure that the device is patched or has a screen lock enabled.
B. Storage segmentation: This control separates corporate data from personal data on the device, but it does not necessarily ensure that the device is patched or has a screen lock enabled.
C. Posturing: This control checks the device's compliance with security policies, but it does not necessarily ensure that the device is patched or has a screen lock enabled.
F. Geofencing: This control creates a virtual boundary around a physical location and can trigger certain actions when a device enters or leaves that boundary. However, it does not necessarily ensure that the device is patched or has a screen lock enabled.
