WOLF//SEC
← All Labs
LAB 4.1-C Tier 1: In-Browser Obj 4.1 · intermediate · ~15min

Mobile Device Policy Builder

Build an MDMMobile Device Management — Centralized management of mobile devices policy for three different organizations, each with distinct security requirements and workforce constraints. Select deployment models, authentication methods, network controls, data protection settings, and additional hardening — then handle a lost device incident using the policy you just built.

What You’ll Practice

  • Selecting the right mobile deployment model (BYODBring Your Own Device — Employee uses personal device for work, COPECorporate-Owned, Personally Enabled — Company device with permitted personal use, CYODChoose Your Own Device — Employee picks from approved corporate devices, corporate-owned) based on organizational context
  • Configuring containerization, authentication, network, and data controls that balance security against usability
  • Choosing appropriate additional hardening controls (jailbreak detection, clipboard isolation, app allowlisting)
  • Executing the correct incident response sequence for a lost/stolen device based on the policy you configured

How the Exam Tests This

Objective 4.1 covers mobile device management as a core security technique for computing resources. CompTIA expects you to know deployment models (BYODBring Your Own Device — Employee uses personal device for work vs COPECorporate-Owned, Personally Enabled — Company device with permitted personal use vs CYODChoose Your Own Device — Employee picks from approved corporate devices vs corporate-owned), understand containerization and work profiles, and select appropriate controls like remote wipe, geofencing, and certificate-based authentication. Scenario questions will describe an organization’s requirements and ask which deployment model or MDMMobile Device Management — Centralized management of mobile devices policy fits — wrong answers typically confuse BYODBring Your Own Device — Employee uses personal device for work limitations (you can’t full-wipe a personal device) or over-engineer controls that destroy usability.

Scoring

Each scenario scores your policy configuration (6 categories) and your incident response decision separately. Policy choices are evaluated for correctness given the organization’s constraints — too permissive creates risk, too restrictive breaks workflows. The incident response score tests whether your wipe/response decision is consistent with the deployment model you selected. Final results include per-scenario breakdowns and key takeaways about deployment model tradeoffs.

MISSION

Three organizations need mobile device policies. Each has different ownership models, workforce constraints, and compliance requirements. Build the right policy — then handle a lost device incident using the rules you just set.

ORGANIZATIONS

Morrison & Associates Law Firm
50 attorneys handling high-confidentiality cases with attorney-client privilege.
Apex Field Services
200 field technicians performing equipment installation and maintenance across a tri-state area.
Greenline Financial Technologies
80 employees at a fast-growing fintech startup, mix of remote and office workers.

HOW IT WORKS

Phase 1 — Policy Configuration: Select deployment model, containerization, authentication, network controls, data controls, and additional hardening for each organization.

Phase 2 — Incident Response: A device goes missing. Your response must be consistent with the policy you just built. Wrong deployment model + wrong wipe = wrong IR.

3 organizations × (6 policy decisions + 1 incident response) = 21 total decisions.