
Exam 312-50v13 topic 1 question 139 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 139
Topic #: 1

You are a cybersecurity consultant for a global organization. The organization has adopted a Bring Your Own Device (BYOD) policy, but they have recently experienced a phishing incident where an employee's device was compromised. In the investigation, you discovered that the phishing attack occurred through a third-party email app that the employee had installed. Given the need to balance security and user autonomy under the BYOD policy, how should the organization mitigate the risk of such incidents? Moreover, consider a measure that would prevent similar attacks without overly restricting the use of personal devices.

  • A. Provide employees with corporate-owned devices for work-related tasks.
  • B. Require all employee devices to use a company-provided VPN for internet access.
  • C. Implement a mobile device management solution that restricts the installation of non-approved applications.
  • D. Conduct regular cybersecurity awareness training, focusing on phishing attacks.
Suggested Answer: D

Comments

Luispe
1 week ago
Selected Answer: C
MDM is correct.
upvoted 1 times
...
KnightHeart
1 month ago
Selected Answer: C
C. Implement mobile device management (MDM) to restrict non-approved apps
Action: Use MDM to block installation of unvetted third-party apps (e.g., the vulnerable email app).
Rationale: MDM enables granular control over app installations, allowing only approved software that meets security standards. This directly addresses the incident's root cause: the use of a risky, non-approved application. By restricting untrusted apps, the organization reduces the attack surface while allowing approved personal apps (balancing security and autonomy).
Conclusion: Targets the specific vulnerability (unapproved apps) without banning personal devices, aligning with BYOD goals.
upvoted 1 times
KnightHeart
1 month ago
Not D. Conduct regular phishing awareness training
Action: Educate employees on identifying phishing attempts.
Flaw: Training relies on user vigilance, which is fallible against sophisticated phishing attacks (e.g., spear phishing or convincing social engineering). The incident occurred through a third-party app, which may have inherent vulnerabilities regardless of user awareness (e.g., malicious apps designed to evade detection).
Conclusion: Important as a supplementary measure but insufficient as a primary defense, as it does not prevent the installation of risky apps.
upvoted 1 times
...
...
Cherubael
2 months ago
Selected Answer: D
Imagine you use your MacBook/Laptop both at home for personal use and at work (Remember, this scenario is BYOD). How would YOU feel if your company controls what you get to install on your own PC that you paid for? Nobody would be okay with this and this is severely unrealistic.
upvoted 3 times
YeahBunny
1 month, 4 weeks ago
Agree with that; also, the last sentence explicitly says: "consider a measure that would prevent similar attacks WITHOUT OVERLY RESTRICTING the use of personal devices." Considering the above, the correct answer can't be C here.
upvoted 1 times
...
...
killwitch
3 months, 2 weeks ago
Selected Answer: C
Since the phishing attack occurred via a third-party email app on an employee’s BYOD device, the best approach is to implement a Mobile Device Management (MDM) solution that:
- Restricts the installation of non-approved applications, ensuring that only secure and vetted apps are used.
- Enforces security policies, such as requiring multi-factor authentication (MFA) and encryption.
- Monitors and manages mobile devices while respecting user privacy.
This reduces the attack surface while allowing employees to continue using their personal devices under the BYOD policy.
upvoted 1 times
...
Gibsomd
3 months, 2 weeks ago
Selected Answer: C
In a BYOD environment, security policies must strike a balance between protecting company data and allowing user autonomy. The issue here is that a third-party email app bypassed corporate security controls, leading to the phishing compromise.
upvoted 2 times
...
ehsarx
3 months, 3 weeks ago
Selected Answer: D
I think we need to raise awareness to our users so that they can spot such attacks on their own devices. It's not easy to restrict installations on personal devices.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other