CH05 Mobile Device Security Flashcards
Which mobile device strategy is most likely to result in the introduction of vulnerable devices to a corporate network?
a. COPE
b. CYOD
c. BYOD
d. MDM
c. BYOD
The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People are able to bring their personal devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.
Your smartphone begins to receive unsolicited messages while you are eating lunch at the restaurant across the street from your office. What might cause this to occur?
a. Packet sniffing
b. Bluesnarfing
c. Bluejacking
d. Geotagging
c. Bluejacking
Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as smartphones and tablets.
Bluesnarfing, on the other hand, involves taking data from a smartphone or tablet over Bluetooth without permission.
Bluetooth has a very limited range, so the attacker is likely within 10 meters of the victimized device.
Geotagging involves embedded the geolocation coordinates into a piece of data (normally a photo or video).
Packet sniffing is a passive method of collecting network traffic for follow-on analysis at a later time.
Tim, a help desk technician, receives a call from a frantic executive who states that their company-issued smartphone was stolen during their lunch meeting with a rival company’s executive. Tim quickly checks the MDM administration tool and identifies that the user’s smartphone is still communicating with the MDM and displays the location of the device on a map. What should Tim do next to ensure the data on the stolen device remains confidential and inaccessible to the thief?
a. Reset the device’s password
b. Perform a remote wipe of the device
c. Remote encrypt the device
d. Identify the IP address of the smartphone
b. Perform a remote wipe of the device
To ensure the data remains confidential and is not accessed by the thief, Tim should perform a remote wipe of the device from the MDM. This will ensure any and all corporate data is erased prior to anyone accessing it.
Additionally, Tim could reset the device’s password, but if the thief is able to guess or crack the password, then they would have access to the data.
Identifying the IP address of the smartphone is not a useful step in protecting the data on the device.
Additionally, devices should be encrypted BEFORE they are lost or stolen, not after.
Which mobile device strategy is most likely to introduce vulnerable devices to a corporate network?
a. BYOD
b. CYOD
c. MDM
d. COPE
a. BYOD
OBJ-3.5: The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People can bring their personal devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network. COPE (company-owned/personally enabled) means that the company provides the users with a smartphone primarily for work use, but basic functions such as voice calls, messaging, and personal applications are allowed, with some controls on usage and flexibility. With CYOD, the user can choose which device they wish to use from a small selection of devices approved by the company. The company then buys, procures, and secures the device for the user. The MDM is a mobile device management system that gives centralized control over COPE company-owned personally enabled devices.
