A user has called the help desk to report an enterprise mobile device was stolen. The technician receiving the call accesses the MDM administration portal to identify the device’s last known geographic location. The technician determines the device is still communicating with the MDM. After taking note of the last known location, the administrator continues to follow the rest of the checklist. Which of the following identifies a possible next step for the administrator?
A. Remotely encrypt the device B. Identify the mobile carrier’s IP address C. Reset the device password D. Issue a remote wipe command
A thief has stolen mobile device and removed its battery to circumvent GPS location tracking. The device user is a four digit PIN. Which of the following is a mobile device security control that ensures the confidentiality of company data?
A. Remote wiping B. Mobile Access control C. Full device encryption D. Inventory control
Company XYZ’s laptops was recently stolen from a user which led to the exposure if confidential information. Which of the following should the security team implement on laptops to prevent future compromise?
A. Cipher locks B. Strong passwords C. Biometrics D. Full Disk Encryption
A user has an Android smartphone that supports full device encryption. However when the user plus into a computer all of the files are immediately accessible. Which of the following should the user do to enforce full device confidentiality should the phone be lost or stolen?
A. Establish a PIN passphrase B. Agree to remote wipe terms C. Generate new media encryption keys D. Download the encryption control app from the store
One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?
A. File level encryption with alphanumeric passwords B. Biometric authentication and cloud storage C. Whole disk encryption with two-factor authentication D. BIOS passwords and two-factor authentication
Correct Answer: C Section: Access Control and Identity Management
Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk encryption, a long, complex
passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would further increase protection.
A: configuring file level encryption with alphanumeric passwords would still allow thieves access to the system, and time to crack the password.
B: Biometric authentication and cloud storage would work, but the question requires a basic solution.
D: BIOS passwords are easily removed by removing the CMOS battery, allowing a thief to power up the laptop. Once powered on, the thief can crack passwords at their leisure.
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 252, 282
Which of the following can be used on a smartphone to BEST protect against sensitive data loss if the device is stolen? (Select TWO).
A. Tethering B. Screen lock PIN C. Remote wipe D. Email password E. GPS tracking F. Device encryption
Correct Answer: C,F Section: Application, Data and Host Security
C: Remote wipe is the process of deleting data on a device in the event that the device is stolen. This is performed over remote connections such as the mobile phone service or the
internet connection and helps ensure that sensitive data is not accessed by unauthorized people.
F: Device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.
A: Device tethering is the process of connecting one device to another over a wireless LAN (Wi-Fi) or Bluetooth connection or by using a cable. This allows the tethered devices to
share an Internet connection. It does not protect the device against data loss in the event of the device being stolen.
B: Screen locks are a security feature that requires the user to enter a PIN or a password after a short period of inactivity before they can access the system again. This feature
ensures that if your device is left unattended or is lost or stolen, it will be a bit difficult for anyone else to access your data or applications. However, screen locks may have
workarounds, such as accessing the phone application through the emergency calling feature.
D: Some email applications allow users to set a password on an email that could be shared with the recipient. This does not protect against sensitive data loss if the device is stolen.
E: Global Positioning System (GPS) tracking can be used to identify its location of a stolen device and can allow authorities to locate the device. However, for GPS tracking to work, the
device must have an Internet connection or a wireless phone service over which to send its location information.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237