CompTIA Security Plus Mock Test Q335

Which of the following is a security concern regarding users bringing personally-owned devices that they connect to the corporate network?

A. Cross-platform compatibility issues between personal devices and server-based applications
B. Lack of controls in place to ensure that the devices have the latest system patches and signature files
C. Non-corporate devices are more difficult to locate when a user is terminated
D. Non-purchased or leased equipment may cause failure during the audits of company-owned assets


Correct Answer: B
Section: Compliance and Operational Security

Explanation:
With employees who want to bring their own devices you will have to make them understand why they cannot. You do not want them plugging in a flash drive, let alone a camera, smartphone, tablet computer, or other device, on which company files could get intermingled with personal files. Allowing this to happen can create situations where data can leave the building that shouldn’t as well as introduce malware to the system. Employees should not sync unauthorized smartphones to their work systems. Some smartphones use multiple wireless spectrums and unwittingly open up the possibility for an attacker in the parking lot to gain access through the phone to the internal network. Thus if you do not have controls in place then your network is definitely at risk.

Incorrect Answers:
A: Cross-platform compatibility issues would not be impacting on security, rather it would be of concern to the employee who wanted to connect their own devices to the company
network.
C: While this may be true, why would you want to locate personally owned devices, it is not the property of the company.
D: Non-purchased and leased equipment is not a company asset.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 404
http://www.computerweekly.com/opinion/BYOD-data-protection-and-information-security-issues