nerdexam
CompTIA

CAS-003 · Question #452

A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled,

The correct answer is C. Issue a remote wipe of corporate and personal partitions E. Implement an always-on VPN. When users travel and use public internet connections, always-on VPN encrypts all traffic to protect data in transit, while remote wipe capability ensures corporate data can be erased if a device is lost or compromised while away from the office.

Technical Integration of Enterprise Security

Question

A technician is configuring security options on the mobile device manager for users who often utilize public Internet connections while travelling. After ensuring that full disk encryption is enabled, which of the following security measures should the technician take? (Choose two.)

Options

  • ARequire all mobile device backups to be encrypted
  • BEnsure all mobile devices back up using USB OTG
  • CIssue a remote wipe of corporate and personal partitions
  • DRestrict devices from making long-distance calls during business hours
  • EImplement an always-on VPN

How the community answered

(18 responses)
  • B
    11% (2)
  • C
    83% (15)
  • D
    6% (1)

Why each option

When users travel and use public internet connections, always-on VPN encrypts all traffic to protect data in transit, while remote wipe capability ensures corporate data can be erased if a device is lost or compromised while away from the office.

ARequire all mobile device backups to be encrypted

Encrypting device backups protects data at rest in backup storage but does not address the threat of network interception or device theft while using public connections.

BEnsure all mobile devices back up using USB OTG

USB OTG (On-The-Go) is a cable connection standard for transferring data between mobile devices; it has no relevance to securing connections over public internet.

CIssue a remote wipe of corporate and personal partitionsCorrect

Configuring remote wipe ensures that if a device is lost or stolen while traveling - a heightened risk when using public networks - the security team can immediately erase all corporate and personal data, preventing unauthorized access to sensitive information.

DRestrict devices from making long-distance calls during business hours

Restricting long-distance calls is a cost-control measure unrelated to protecting data confidentiality or device security on public networks.

EImplement an always-on VPNCorrect

An always-on VPN ensures that all network traffic from the mobile device is tunneled through the corporate security stack regardless of what network the user connects to, protecting data in transit from interception on untrusted public Wi-Fi or cellular networks.

Concept tested: Mobile device security controls for public network usage

Source: https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final

Topics

#MDM#remote wipe#always-on VPN#mobile security

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice