312-50V13 Question #499: Real Exam Question with Answer & Explanation
The correct answer is D: Conduct regular cybersecurity awareness training, focusing on phishing attacks.
Question
You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.
Options
- A. Provide employees with corporate-owned devices for work-related tasks.
- B. Implement a mobile device management solution that restricts the installation of non-approved
- C. Require all employee devices to use a company-provided VPN for internet access.
- D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.
Explanation
Regular cybersecurity awareness training (D) is the optimal solution because it directly addresses the root cause of the incident - the employee's lack of awareness about phishing threats - while preserving user autonomy, which is the core principle of a BYOD policy. Training empowers employees to make informed decisions regardless of which apps or devices they use, making it a scalable and non-restrictive control.
Why the distractors fail:
- Option A abandons the BYOD policy entirely, contradicting the premise of the question, which asks for a solution within the BYOD framework.
- Option B restricts personal device freedom by controlling app installations, which violates user autonomy and the spirit of BYOD.
- Option C, mandating a corporate VPN, controls network traffic but does nothing to stop an employee from falling for a phishing email in the first place; it addresses the wrong layer of the problem.
🧠 Memory Tip
Think "BYOD = Behavior Over Device" - when you can't fully control the device, you must control the behavior of the person using it. Training shapes human behavior, making it the most compatible control with BYOD environments. If an answer respects user freedom while reducing risk through education, it's almost always the strongest choice.