SY0-301 · Question #263
During a recent user awareness and training session, a new staff member asks the Chief Information Security Officer (CISO) why the company does not allow personally owned devices into the company faci
The correct answer is A. Company A views personally owned devices as creating an unacceptable risk to the organizational IT systems.. Personally owned devices (BYOD in a restricted context) are prohibited in high-security environments primarily because they represent unacceptable risk to organizational IT systems. These devices may carry malware, lack required security configurations, connect to unsanctioned ne
Question
During a recent user awareness and training session, a new staff member asks the Chief Information Security Officer (CISO) why the company does not allow personally owned devices into the company facilities. Which of the following represents how the CISO should respond?
Options
- ACompany A views personally owned devices as creating an unacceptable risk to the organizational IT systems.
- BCompany A has begun to see zero-day attacks against personally owned devices disconnected from the network.
- CCompany A believes that staff members should be focused on their work while in the company's facilities.
- DCompany A has seen social engineering attacks against personally owned devices and does not allow their use.
How the community answered
(35 responses)- A89% (31)
- B6% (2)
- C3% (1)
- D3% (1)
Explanation
Personally owned devices (BYOD in a restricted context) are prohibited in high-security environments primarily because they represent unacceptable risk to organizational IT systems. These devices may carry malware, lack required security configurations, connect to unsanctioned networks, or exfiltrate sensitive data. This is the correct policy-based justification a CISO would give. Options B and D describe specific attack scenarios that are too narrow and not the primary policy rationale. Option C is a productivity argument, not a security justification, and would not be an appropriate CISO response.
Topics
Community Discussion
No community discussion yet for this question.