Question

A Corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements Gathering phase:

• each device must be issued a secure token of trust from the corporate pki

• all corporate applications and local that I must be able to be deleted from essential console

• cloud storage and backup application must be restricted from the device

• devices must be on the latest OS version within three weeks of an OS release

Which of the following should be preachers in the new MDM solution to meet these requirements? Select 2

1.   Application based containerization

2. Enforced full device encryption

3. mandatory acceptance of scep system

4. sideloaded application prevention

5. biometric requirement to unlock device

6. over the air update restriction

Answer 1

May this helps you...

Since, a Corporation with a BYOD policy is very concerned about issues that may arise from data ownership, It should opt for a specific MDM solution that apt for the corporation to maintain it's security measures among their products.

Taking in consideration with the MDM solution i.e, Mobile Device Management, which mainly foucuses on the administration of mobile devices, such as smartphones, tablet computers and laptops, out of all the above parameters, enforced full device encryption and mandatory acceptance of scep system should be taken care off.

Before getting further behind the reason for opting these two options, first, let's talk about BYOD policy:

Bring your own device, BYOD, is the evolving trend of employees using their personal devices for work purposes. The device mentioned here might be a laptop, smartphone, tablet, portable disk drive or any consumer piece of data technology.
Companies may utilize BYOD or a subset of the trend, like BYOC, or bring your own computer. Whatever level of consumer technology a corporation allows within its greater IT infrastructure, an equivalent benefits and risks apply.

Now, if we talk about the two prechers in the new MDM solutions, the first one is, enforced full device encryption.

Enforced Encryption allows IT Administrators to increase their Device Control policy and confirm all confidential data transferred to USB storage devices is automatically encrypted. The solution are often used on both macOS and Windows computers.
The Enforced Encryption functionality is enabled from Device Control, by assigning the “Allow Access if device is Trusted Device Level 1+” right to USB Storage Devices, - on Global/Group/Computer or User level. As soon because the user connects their USB device to their computer where the Endpoint Protector client is installed, the encryption application called EasyLock are going to be automatically pushed onto the device, prompting the user to define a password for the application.
After the EasyLock application has been successfully installed on the USB, the user can copy files from their computer inside the encrypted container of the device, this manner ensuring those files are safe and not accessed by any other person that might get a hold of the USB drive, without knowing the password.
Using the Enforced Encryption functionality gives the administrator the possibility to centrally manage the encrypted devices, by changing user's password, resetting the device, sending messages etc.
Compared to FileVault or BitLocker, the EasyLock encryption application is cross-platform, - so a user can encrypt files on a Mac and decrypt them on a Windows machine.

And the other parameter is, mandatory acceptance of scep system, it is an antivirus and anti-malware tool for Windows. With SCEP you'll manage antimalware policies and Windows Firewall settings for multiple computers located throughout your network. The solution is used by many enterprises and educational institutions to protect endpoints from online threats like malware.
SCEP comes integrated with the system management software Center and offers a client for Windows, Mac, and Linux devices. You can use Microsoft System Center Configuration Manager (SCCM) to manage SCEP.