CAS-003 · Question #317
CAS-003 Question #317: Real Exam Question with Answer & Explanation
The correct answer is D: Configure and monitor devices with an MDM.. MDM is the only solution listed that can enforce all four stated requirements - full-device encryption, remote wipe, unsigned app blocking, and containerization - across personal BYOD devices from a single management plane.
Question
Options
- ARequire frequent password changes and disable NFC.
- BEnforce device encryption and activate MAM.
- CInstall a mobile antivirus application.
- DConfigure and monitor devices with an MDM.
Explanation
MDM is the only solution listed that can enforce all four stated requirements - full-device encryption, remote wipe, unsigned app blocking, and containerization - across personal BYOD devices from a single management plane.
Common mistakes.
- A. Frequent password changes and disabling NFC are minor hardening measures that do not enforce encryption, provide remote wipe, block unsigned apps, or enable containerization of corporate data.
- B. Enforcing device encryption combined with MAM (Mobile Application Management) addresses app-level sandboxing but MAM alone does not provide full-device remote wipe or enforce OS-level full-device encryption the way MDM does.
- C. A mobile antivirus application detects and removes malware but cannot enforce encryption, execute remote wipe, block unsigned applications, or provide containerization of corporate accounts.
Concept tested. MDM enforcement of BYOD full-device security policy
Reference. https://learn.microsoft.com/en-us/mem/intune/enrollment/device-enrollment
Community Discussion
No community discussion yet for this question.