CompTIA Security+ (SY0-601) — Question 94

A company recently decided to allow its employees to use their personally owned devices for tasks like checking email and messaging via mobile applications. The company would like to use MDM, but employees are concerned about the loss of personal data. Which of the following should the IT department implement to BEST protect the company against company data loss while still addressing the employees’ concerns?

Answer options

• A. Enable the remote-wiping option in the MDM software in case the phone is stolen.
• B. Configure the MDM software to enforce the use of PINs to access the phone.
• C. Configure MDM for FDE without enabling the lock screen.
• D. Perform a factory reset on the phone before installing the company's applications.

Correct answer: B

Explanation

The correct answer is B because enforcing the use of PINs helps secure access to the device, thereby protecting company data while maintaining employee privacy. Option A, while useful for lost devices, could lead to the erasure of personal data, raising employee concerns. Option C does not provide adequate security, and option D would not address the ongoing use of the device effectively.