Mobile device security protects smartphones and tablets from unauthorized access and data loss. CompTIA A+ 220-1101 tests screen lock methods, remote wipe, MDM, and enterprise security controls. With mobile devices containing sensitive corporate email, contacts, and data, security configuration is as important as hardware support for technicians.
Screen lock methods in order of strength: Swipe (no security — just prevents accidental activation). PIN: 4–6+ digit number. Password: alphanumeric, most secure lock method. Pattern: visual swipe pattern — moderate security, fingerprints on screen can reveal pattern. Fingerprint scanner: biometric, convenient, quick. Face recognition: biometric, varies widely in security (2D face recognition can be fooled by photos; 3D face recognition with infrared is much more secure). Enterprise policy: MDM can enforce minimum PIN/password requirements and lock-out after failed attempts.
Full-device encryption: encrypts all data on the device storage — if someone bypasses the lock screen or removes the storage chip, data is unreadable without the key. Modern iOS and Android devices are encrypted by default. Tied to the lock screen PIN/password — strong screen lock means strong encryption. Resetting to factory state destroys the encryption key, rendering stored data unrecoverable.
Failed attempt lockout: after a configurable number of failed PIN/password attempts, the device locks for increasing time periods, or in enterprise MDM, wipes itself automatically. iOS default: after 10 failed attempts with 'Erase Data' enabled, device wipes. MDM can enforce: wipe after 5 failed attempts.
Remote wipe: erases all data on a lost or stolen device remotely. iOS: via iCloud 'Find My' — sends erase command when device connects to internet. Android: via Google 'Find My Device' — same concept. Enterprise MDM: can wipe immediately or selectively (remove only corporate data, leaving personal data on personal devices — BYOD scenarios). Always test remote wipe functionality before it is needed — verify enrollment and connectivity.
MDM (Mobile Device Management): enterprise platform that manages mobile devices at scale. Capabilities: enforce screen lock and complexity policies, push Wi-Fi and VPN configurations, remotely lock or wipe, push and remove apps, prevent camera use, require encryption, geo-fence (alert if device leaves a defined area). Enrollment: corporate-owned devices (COPE — Corporate Owned, Personally Enabled) vs BYOD (Bring Your Own Device — personal device enrolled in MDM with management profile).
Locator services: Find My (Apple) and Find My Device (Google) use GPS, Wi-Fi positioning, and cellular location to track lost devices. Also enables 'lost mode' — displays a message with contact information on the lock screen. Enable before the device is lost. Location services must be enabled for tracking to work.
Authenticator apps and MFA: beyond the screen lock, apps increasingly require MFA. Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy) generate time-based one-time passwords (TOTP). Push-notification MFA (Duo, Microsoft Authenticator) — approve a push notification on a trusted device. SMS-based MFA: least secure (SIM swapping attacks), but better than no MFA.
Common misconception: A factory reset makes device data unrecoverable on older Android devices.
Older Android devices (pre-Android 6.0 without default encryption) did not encrypt data, so a factory reset removed the file pointers but the data could potentially be recovered with forensic tools. Modern devices with encryption (Android 6.0+, all iPhones) destroy the encryption key on factory reset, making data truly unrecoverable. Always verify encryption is enabled before relying on factory reset for data destruction.
These questions are representative of what you will see on A+ exams. The correct answer and explanation are shown immediately below each question.
A company allows employees to use personal smartphones to access corporate email (BYOD). The MDM policy must protect corporate data without erasing personal photos and apps if a device is reported lost. Which MDM capability provides this?
Explanation: Selective wipe removes only the corporate data container (email, contacts, corporate apps, configurations) from a BYOD device while leaving personal data (photos, personal apps, personal email) intact. Full remote wipe erases everything — inappropriate for BYOD since it destroys the employee's personal data. Screen lock and encryption protect data at rest but don't control data removal. Selective wipe is the key BYOD data protection feature.
Remote lock immediately locks the device (requires PIN to unlock) without erasing data — useful if you think you've simply misplaced the device. You can also put it in 'Lost Mode' which displays a contact number on the lock screen. Remote wipe erases all data on the device — a drastic, irreversible action for when the device is confirmed stolen or compromised. Always try remote lock first; only escalate to remote wipe when certain the device cannot be recovered.