A. Full device encryption D. Containerization See Pref. Messer: https://www.professormesser.com/security-plus/sy0-601/sy0-601-video/mobile-device-management-2/ "One way to manage this is through containerization. In this context, containerization means that we’re creating separate areas or partitions on the mobile device where we can keep private information in one partition and company information in another. This is different than the containerization that you might see for application deployment." "It seems almost standard these days that when we deploy a mobile device that we also ensure that all of the data stored on that device is encrypted. We do that by using full device encryption or FDE. Some mobile devices give you an option as to how you would like to implement that full device encryption. It can be, for example, a strongest setting, a stronger, or a strong."

D. Containerization F. Remote control Containerization and remote control are two solutions that can help a security analyst implement an MDM (Mobile Device Management) solution for BYOD (Bring Your Own Device) users that will allow the company to retain control over company emails residing on the devices and limit data exfiltration if the devices are lost or stolen. Containerization allows the company to create a secure and isolated environment (container) on the user's device to store company data, including email. This container can be managed and secured independently from the user's personal environment on the device, ensuring that company data is protected. Remote control enables the security analyst to remotely access and manage the user's device. This allows the analyst to remotely wipe company data from the device if it is lost or stolen, or to lock or locate the device. Additionally, remote control can be used to enforce security policies and configurations on the device to ensure it complies with the company's security requirements.

Think about it. Would you let your company fully encrypt your personal phone and make it slow and uses way more battery? No, it’s overkill for protecting emails. Simply containerize the work stuff, then you can encrypt it from there and add remote wiping incase a user loses their phone.

It's a BYOD device, so full device encryption may not be wanted by the user (it's very slow and battery hungry) Containers are encrypted, by default, so exfiltration is not possible. Remote control makes sense because you can remote wipe a container for extra security

To meet the requirements of retaining control over company emails on BYOD devices and limiting data exfiltration in case of loss or theft, the security analyst should implement: D. Containerization - Containerization involves separating corporate data and applications from personal data on the device by encapsulating them within a secure container. This allows the organization to have control over company emails and data while maintaining user privacy for personal use. In case of device loss or theft, the container can be remotely wiped, ensuring that corporate data remains protected. F. Remote control - Remote control capabilities allow the organization to remotely manage and control devices, including performing actions like remote wipe or locking the device in case of loss or theft. This helps prevent unauthorized access to corporate data and mitigates the risk of data exfiltration.

The feature of Mobile Device Management (MDM) that allows a company to limit data exfiltration that might occur if a BYOD (Bring Your Own Device) mobile device is lost or stolen is Remote Control12. This feature enables administrators to remotely lock and erase data on the device, thereby preventing unauthorized access and protecting sensitive company data12. While Full Disk Encryption is a valuable security measure, it primarily protects data at rest and would not necessarily prevent data exfiltration if the device is unlocked1. Geofencing is a feature that triggers an action when a mobile device enters a set location, which can be useful for managing devices in specific locations but does not directly prevent data exfiltration3. In summary, while all these features contribute to the overall security of a device, the Remote Control feature of MDM is the most directly relevant to limiting data exfiltration in the event of a device being lost or stol

Per Darril Gibson's Security+ book "Full disk encryption typically isn't feasible for BYOD because the employees own the devices. This would only be feasible with COPE (Corporate Owned, Personally Enabled) devices." So, the answer should be DF.

Seen a similar question to this between 100-300 and one of the answers was FDE. Im gonna go with FDE as this seems to be up in the air.

"limit data exfiltration, if the devices are lost or stolen".. remote control to delete company data is good option here, or ,,if your phone is not patched delete company apps is also good option for company according to policy

Answer DE (D) Containerization: Containerization involves creating a separate, secure container on the device to store and manage corporate data. This allows for better control over corporate email and data while keeping it separate from the user's personal data. Containerization also facilitates the removal of corporate data if the device is lost or stolen without affecting the user's personal data. (E) Application whitelisting: Application whitelisting can play a crucial role in email security. By whitelisting email applications that are approved for use on BYOD devices, you can ensure that corporate email is accessed only through authorized and secure email clients. This helps in retaining control over company emails and limiting data exfiltration by preventing the use of unauthorized or insecure email apps.

The correct answers are: Containerization Full device encryption The key to this question is that they want to protect the data if the device is stolen or lost. Many argue that "Remote Control" would serve for this, but it is not the case since the attacker could remove the SIM card from the phone, rendering it without connectivity, and thus gaining access to the data. The phone, without connectivity, would not receive the remote wipe commands sent by Remote Control. However, if the phone is encrypted, it is impossible for attackers to access the content, regardless of whether the phone is powered on or not.

A. Full device encryption: By implementing full device encryption, all the data stored on the device, including company emails, will be encrypted and protected. If the device is lost or stolen, the data will remain secure and inaccessible without the encryption key. D. Containerization: Containerization is a technique that creates separate containers or secure spaces on the device to isolate company data, such as emails, from personal data. This allows for better control over company information and prevents unauthorized access or data leakage. If the device is lost or stolen, only the container with company data is at risk, while personal data remains protected.

Full device encryption. Encryption protects against loss of confidentiality on multiple platforms, including workstations, servers, mobile devices, and data transmissions. Encryption methods such as full device encryption provide device security, application security, and data security. While an organization can ensure corporate-owned devices use full device encryption, this isn’t always possible when employees use their own devices." "Containerization. The virtualization section earlier in this chapter discusses the use of container virtualization. Organizations can also implement containerization in mobile devices and encrypt the container to protect it without encrypting the entire device. Running an organization’s application in a container isolates and protects the application, including any of its data. This is very useful when an organization allows employees to use their own devices." -Security+ Get Certified Get Ahead SY0-601 by Darril Gibson

AD are optional as Abdul2107 said. Containerization is a good way to separate company data from personal. F is not good for devices from BYOD model. Nobody wants his/her own device to be remote controlled by employer's IT team.

If you want to configure MDM on my phone, you have to containerize it so I can have some sense of privacy on my personal data. That said, If you want to ensure your data is completely not obtainable in the case I loose my device (Which is highly unlikely now cus I am so broke I cant loose my phone, you have to shoot me bro), then please configure remote wiping. Thanks guys.

If employer encrypts your iphone, I doubt itunes has the ability to access an unencrypted picture.. on your Mac/PC - Not (A)

D: Containerization to secure the data inside the corp app E: Application approve list to only allow corp apps to be installed on the device