CompTIA CASP+ (CAS-003) — Question 327

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
✑ Be based on open-source Android for use familiarity and ease.
✑ Provide a single application for inventory management of physical assets.
✑ Permit use of the camera by only the inventory application for the purposes of scanning.
✑ Disallow any and all configuration baseline modifications.
✑ Restrict all access to any devices resource other than those required for use of the inventory management application.
Which of the following approaches would BEST meet these security requirements?

Answer options

• A. Set an application wrapping policy, wrap the application, distribute the Inventory APK via the MAM tool, and test the application restrictions.
• B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
• C. Swap out Android's Linux kernel version for >2.4.0, build the kernel, build Android, remove unnecessary functions via MDM, configure to block network access, and perform integration testing.
• D. Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application.

Correct answer: C

Explanation

Option C is the best choice because it allows for complete control over the Android environment, ensuring that only the necessary functions for inventory management are included and that all other configurations are restricted. The other options either do not provide the required level of control or do not specifically address all the security requirements outlined for the devices.