CAS-002 Question #90: Real Exam Question with Answer & Explanation
The correct answer is C: Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the.
Question
Options
- A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface,
- B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data,
- C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the
- D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality
Explanation
BYOD and personal device usage on corporate networks introduce real risks including data exfiltration, device theft causing data loss, and expanded attack surfaces, with MDM and policy controls as primary mitigations.
Common mistakes.
- A. This option incorrectly states that BYOD results in a 'smaller network attack surface'; in reality, personal devices significantly expand the attack surface.
- B. Confidentiality leaks through cell conversations and 'availability of remote corporate data' are not primary BYOD security risks in an enterprise context and conflate telephony concerns with network security.
- D. While device theft is a valid risk, 'minimal device storage' and 'call quality' are not security risks and are irrelevant to a corporate network security threat model.
Concept tested. BYOD security risks and mobile device management mitigations
Reference. https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final