Chapter 13: Wireless and Mobile Security

Key Phrase: "hardening iOS devices"

Explanation:
Correct Answer (B): The CIS benchmarks provide specific guidelines for securing various operating systems, including iOS, and are commonly used in industry to harden devices.
Why others are wrong:
A: OWASP focuses on web application security, not device-specific hardening guidelines.
C: NIST 800-103 provides guidance on security awareness and training, not specific device hardening.
D: NIST 800-111 covers cloud computing security, which is not applicable to device hardening.

Key Phrase: "BYOD model"

Explanation:
Correct Answer (D): Containerization allows corporate apps and data to be isolated from personal apps, keeping corporate resources secure on BYOD devices.
Why others are wrong:
A: Biometrics ensure that the right user is using the device but do not address separation of corporate and personal data.
B: Full-device encryption protects data at rest but doesn’t provide separation between corporate and personal data.
C: Context-aware authentication ensures the user is authorized but does not create a separate environment for corporate data.

Key Phrase: "work only in the factory"

Explanation:
Correct Answer (B): Geofencing allows restrictions on device usage based on its location. When the devices leave the designated area (the factory), access to business data can be restricted.
Why others are wrong:
A: Context-aware authentication can restrict logins, but doesn’t fully control device access based on location.
C: Geolocation provides location data but doesn’t automatically restrict access to services.
D: Unified endpoint management (UEM) is useful for managing devices, but geofencing is the more specific solution for location-based restrictions.

Key Phrase: "access points conflicting"

Explanation:
Correct Answer (D): Decreasing broadcast power is a common way to resolve conflicts between access points to ensure that they don’t interfere with each other.
Why others are wrong:
A: Increasing the broadcast power would likely exacerbate the conflict, not resolve it.
B: Changing the SSID doesn’t solve the issue of signal interference or overlapping channels.
C: Disabling one of the access points could leave coverage gaps and isn’t an ideal solution unless necessary.

Key Phrase: "not used for geolocation"

Explanation:
Correct Answer (C): NFC (Near Field Communication) is used for short-range communication and is not typically used for geolocation, which requires broader range technologies.
Why others are wrong:
A: Bluetooth can be used for geolocation via beacon technology.
B: GPS is the most common method of geolocation.
D: Wi-Fi is also frequently used for location tracking by measuring signal strength from known access points.

Key Phrase: "WPA3 brute-force protection"

Explanation:
Correct Answer (A): SAE (Simultaneous Authentication of Equals) replaces WPA2's PSK and makes brute-force attacks against weak passwords much more difficult by using a more secure handshake process.
Why others are wrong:
B: CCMP is the encryption protocol used in WPA2 and WPA3 but doesn’t protect against brute-force attacks.
C: PSK (Pre-shared Key) is used in WPA2, not WPA3, and is more vulnerable to brute-force attacks.
D: WPS (Wi-Fi Protected Setup) is a separate feature for simplifying device pairing and is unrelated to WPA3’s protection against brute-force attacks.

Key Phrase: "mutual authentication without certificates"

Explanation:
Correct Answer (C): PEAP (Protected EAP) allows for mutual authentication without requiring client certificates. It uses a server-side certificate to secure the authentication process.
Why others are wrong:
A: EAP-FAST is used for fast reauthentication and doesn’t necessarily provide mutual authentication without certificates.
B: EAP-TTLS is similar to PEAP but requires additional software on client devices, which may not be ideal.
D: EAP-TLS requires client certificates for mutual authentication.

Key Phrase: "separate data for personal and company use"

Explanation:
Correct Answer (A): Storage segmentation ensures that personal and corporate data are stored in separate environments on the same device, preventing data leakage between the two.
Why others are wrong:
B: Multifactor storage is not a recognized concept in mobile device security.
C: Full-device encryption encrypts the entire device but doesn’t specifically address the separation of data.
D: Geofencing controls the location of devices but doesn’t manage data separation.

Key Phrase: "sideloaded applications"

Explanation:
Correct Answer (C): Sideloading refers to installing apps directly from a source other than the official app store, typically by copying them onto the device.
Why others are wrong:
A: Sideloading does not necessarily imply that malware was installed, although it is a potential risk.
B: Rooting refers to gaining administrative access to the phone, not sideloading apps.
D: Disabling the MDM is a separate issue and isn’t necessarily related to sideloading.

Key Phrase: "disables SMS, MMS, and RCS"

Explanation:
Correct Answer (B): Disabling SMS, MMS, and RCS prevents the sending of text and multimedia messages, including pictures, videos, and other files.
Why others are wrong:
A: Phone calls are not affected by this action.
C: Firmware updates are typically not sent via SMS/MMS/RCS.
D: Only text and multimedia messages are affected; not phone calls or firmware updates.