Exam CAS-004 topic 1 question 56 discussion

This is a tricky question from CompTIA, at least not as stupid as other questions. It's definitely C because MAM software secures and enables IT to control over enterprise applications on end users' corporate and personal smartphones and tablets and allows for selective wipes when the person leaves the organization. MFA will help with compromised credentials and finally DRM will provide us with Email DRM Protection as Senders should be able to stop recipients from forwarding sensitive messages or downloading confidential documents locally. https://www.virtru.com/blog/drm-protection

C; sounds like DRM, MFA, and application management to me

Mobile Device Management (MDM): MDM allows the organization to control and manage employee-owned devices. With MDM, the organization can enforce security policies, monitor device usage, and manage the applications installed on the device. This helps prevent unauthorized access to corporate data and reduces the risk of data being exfiltrated after an employee leaves the organization. Remote Wipe: This feature enables the organization to remotely erase all corporate data from a device if it is lost, stolen, or if the employee leaves the company. This helps ensure that unstructured corporate data, which may be stored locally on the device, is not accessible after the employee departs, mitigating the risk of data exfiltration. Data Loss Detection (DLP): DLP policies can be applied to detect and prevent unauthorized transfers of sensitive data (e.g., email attachments or files shared via collaboration apps). These policies can identify potential data exfiltration attempts, whether they are intentional or the result of compromised credentials.

Mobile Application Management (MAM): MAM allows the organization to control and secure the applications used on employees' personal devices. It ensures that only approved collaboration applications are used and that corporate data is managed securely within those apps. Multi-Factor Authentication (MFA): MFA adds an extra layer of security by requiring multiple forms of verification before granting access to corporate applications and data. This helps mitigate the risk of data exfiltration due to compromised credentials. Digital Rights Management (DRM): DRM helps protect sensitive information by controlling how data can be accessed, used, and shared. It ensures that data remains protected even if it is moved between approved applications or if an employee leaves the organization.

DLP is important in data exfiltration...

"approved collaboration applications"

C. MAM is limiting the "Work" side of the phone, MFA to get after people have left, but DRM will have to utilize features to prevent exfiltration. (wish it said DLP) You would not remote wipe employee's or former employee's personal phones so A is not the answer. DNS over HTTPS (DoH) is only for 443 but has nothing to do with the concerns in the question Certificates, DLP seem to be kinda on point but geofencing and certificates don't really get after all of the concerns. Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

BYOD, MDM and MAM are the key indicators. "One significant way that MAM is different than MDM is that MAM does not need control over the device. MAM ensures that sensitive data is not sent or copied to other applications. Employees using their own devices feel more at ease with MAM, as it has less control over their entire device than MDM software." They described collaboration applications on BYOD.

A DLP should protect from "Data being exfiltrated as a result of compromised credentials" DRM will not.

i do not think it is D because of the use of geofencing. Geofencing is a location-based technology service in which a mobile, desktop or cloud-based app or other software uses GPS, RFID, Wi-Fi or cellular data to trigger a pre-programmed action when a mobile device or RFID tag or mobile device enters or exits a virtual boundary set up around a geographical location, known as a geofence. DRM is a broad term describing many different technical formats, it always includes some form of digital padlock on the file. These locks are called "license encryption keys" (complex mathematical codes), which prevent anyone from using or copying the file. People who pay for these encryption license keys receive unlock codes to use the file for themselves, but they are usually not allowed to share the file with other people. we are only concerned with the first iteration of the solution: utilize ONLY approved collaboration applications and the ability to move corporate data between those applications.

MDM is a set of tools and practices that are used to manage and secure mobile devices that are used in a BYOD environment. By implementing MDM, the security team can ensure that only approved collaboration applications are installed on the devices, and can enforce policies to ensure that corporate data is handled securely. Remote wipe is a feature that allows the security team to remotely delete all data from a device if it is lost or stolen. This can help to prevent sensitive data from being exfiltrated after an employee leaves the organization, as the security team can remotely wipe the device to ensure that no sensitive data is left on it. Data loss detection is a security feature that is designed to detect and alert the security team when sensitive data is being exfiltrated from the organization. This can help to prevent data from being exfiltrated as a result of compromised credentials or other types of data leakage.

The question is very straightforward for me. Sensitive information being exfiltrated by email will be detected by DLP

This is very confusing because a previous question that kind of relates to this question tells us to do remote wipe.

I select C because a MAM is concerned about corporate applications and not the whole device.

I could pitch either A, C, or D... screw comptia

I also think the answer is C.

I was going through these questions and actually answered D this time. Im inclined to agree with AlexJacobson and want to say D