Exam SY0-601 topic 1 question 216 discussion

B. Configure the MDM software to enforce the use of PINs to access the phone. - it is the only answer that honestly have sense to me. FDE (full disc encription) does not address those problems

A. Enable the remote-wiping option in the MDM software in case the phone is stolen. This option would allow the company to remotely wipe only the company data from the employee's device in case it's lost or stolen, while preserving the employee's personal data. This addresses both the company's concern of protecting its data and the employee's concern of preserving their personal data. The use of remote-wiping in conjunction with encryption, such as full disk encryption (FDE), can provide an added layer of protection for sensitive company data stored on the device.

MDM software is a type of remote asset-management software that runs from a central server. It is used by businesses to optimize the functionality and security of their mobile devices, including smartphones and tablets. It can monitor and regulate both corporate-owned and personally owned devices to the organization's policies.

B. Configure the MDM software to enforce the use of PINs to access the phone

A. Enable the remote-wiping option in the MDM software in case the phone is stolen. Enabling the remote-wiping option allows the IT department to remotely erase company data from the device if it is lost, stolen, or if an employee leaves the company. This ensures that sensitive company information remains secure even if the device falls into unauthorized hands. Importantly, remote wiping typically targets only company data, leaving personal data untouched, which helps alleviate employees' concerns about personal data loss.

To best protect the company against data loss while addressing employees' concerns about personal data, the IT department should implement: A. Enable the remote-wiping option in the MDM software in case the phone is stolen. Enabling remote wiping allows the company to remotely erase corporate data from a device if it's lost or stolen, while leaving personal data untouched. This provides a balance between protecting company data and respecting employees' privacy by only targeting corporate data for deletion.

B is a must A for BYOD Devices delete data within Work apps. IMO B would be more important then A can be done over time.

B - The purpose of MDM is to be able to remote wipe if needed so the company can protect its data, this question says which will address not wiping personal data and protecting data, it does not need to be enabled. You enable a pin, which is usually 6 digits and it is needed for the work profile.

The least worst answer out of these. Not having a lock screen won't be good for the employees personal data and wiping the device would mean they would lose it all.

Enforcing the use of PINs enhances the overall security of the device, protecting both company and personal data. It adds an extra layer of authentication without directly affecting personal content.

The best option to address both company data security and employee privacy concerns regarding BYOD and MDM is C. Configure MDM for FDE without enabling the lock screen. Here's why: Benefits of FDE (Full Disk Encryption): Protects company data: All data stored on the device, including company emails, messages, and app data, is encrypted at rest and cannot be accessed without the decryption key. This mitigates the risk of company data leaking if the device is lost or stolen. Preserves personal data privacy: Personal files and applications remain unencrypted and accessible to the user without the need for company access or involvement. This addresses employee concerns about privacy intrusion.

Configure the MDM software to enforce the use of PINs to access the phone. - it is the only answer that honestly have sense to me.

If the answer is A, why would a company configure MDM to remote wipe employees personal data ? The question emphasizes the employees concerns on the loss of their personal data. These options are just not it but I'd go with B here.

Truthfully, the answer should probably be containerization to separate the data, but since it's not. B seems the most appropriate because it provides protection without the users worrying their devices will be wiped.

I read the statement "employees are concerned about the loss of personal data" as they are concerned about loss of data if their phone is lost or stolen much the same as a company would be in the same circumstances with their data. Remote device wiping would protect the company's data loss and also protect the employees personal data loss with this perspective. If you want to look at it in the more popular viewpoint that they are afraid of losing their data with a device wipe, A could also be applicable if its an enterprise wipe. This would BEST protect in either of these scenarios than the other options. But it would fail if the answer referred to device wipe and the personal data loss concerns was in regards to having their data wiped by the company. Shit comptia wording as usual, but I will take the chance.

ANSWER IS A. While enforcing the use of PINs is a good security practice, it may not directly address data loss concerns as effectively as remote wipe. Enforcing PINs can prevent unauthorized access to the device, but it won't protect company data from being lost or exposed if the device is lost or stolen.

A makes more sense. Company can remotely wipe phone with company data. Still the user will not be affected by this. Answers what the question is asking