SecurityA+

Mobile Device Security for CompTIA A+ 220-1101

Q: What is the difference between remote lock and remote wipe?

Remote lock immediately locks the device (requires PIN to unlock) without erasing data — useful if you think you've simply misplaced the device. You can also put it in 'Lost Mode' which displays a contact number on the lock screen. Remote wipe erases all data on the device — a drastic, irreversible action for when the device is confirmed stolen or compromised. Always try remote lock first; only escalate to remote wipe when certain the device cannot be recovered.

Mobile device security protects smartphones and tablets from unauthorized access and data loss. CompTIA A+ 220-1101 tests screen lock methods, remote wipe, MDM, and enterprise security controls. With mobile devices containing sensitive corporate email, contacts, and data, security configuration is as important as hardware support for technicians.

7 min

2 sections · 7 exam key points

1 practice questions

Screen Lock and Authentication

Screen lock methods in order of strength: Swipe (no security — just prevents accidental activation). PIN: 4–6+ digit number. Password: alphanumeric, most secure lock method. Pattern: visual swipe pattern — moderate security, fingerprints on screen can reveal pattern. Fingerprint scanner: biometric, convenient, quick. Face recognition: biometric, varies widely in security (2D face recognition can be fooled by photos; 3D face recognition with infrared is much more secure). Enterprise policy: MDM can enforce minimum PIN/password requirements and lock-out after failed attempts.

Full-device encryption: encrypts all data on the device storage — if someone bypasses the lock screen or removes the storage chip, data is unreadable without the key. Modern iOS and Android devices are encrypted by default. Tied to the lock screen PIN/password — strong screen lock means strong encryption. Resetting to factory state destroys the encryption key, rendering stored data unrecoverable.

Failed attempt lockout: after a configurable number of failed PIN/password attempts, the device locks for increasing time periods, or in enterprise MDM, wipes itself automatically. iOS default: after 10 failed attempts with 'Erase Data' enabled, device wipes. MDM can enforce: wipe after 5 failed attempts.

Remote Management and Enterprise Security

Remote wipe: erases all data on a lost or stolen device remotely. iOS: via iCloud 'Find My' — sends erase command when device connects to internet. Android: via Google 'Find My Device' — same concept. Enterprise MDM: can wipe immediately or selectively (remove only corporate data, leaving personal data on personal devices — BYOD scenarios). Always test remote wipe functionality before it is needed — verify enrollment and connectivity.

MDM (Mobile Device Management): enterprise platform that manages mobile devices at scale. Capabilities: enforce screen lock and complexity policies, push Wi-Fi and VPN configurations, remotely lock or wipe, push and remove apps, prevent camera use, require encryption, geo-fence (alert if device leaves a defined area). Enrollment: corporate-owned devices (COPE — Corporate Owned, Personally Enabled) vs BYOD (Bring Your Own Device — personal device enrolled in MDM with management profile).

Locator services: Find My (Apple) and Find My Device (Google) use GPS, Wi-Fi positioning, and cellular location to track lost devices. Also enables 'lost mode' — displays a message with contact information on the lock screen. Enable before the device is lost. Location services must be enabled for tracking to work.

Authenticator apps and MFA: beyond the screen lock, apps increasingly require MFA. Authenticator apps (Google Authenticator, Microsoft Authenticator, Authy) generate time-based one-time passwords (TOTP). Push-notification MFA (Duo, Microsoft Authenticator) — approve a push notification on a trusted device. SMS-based MFA: least secure (SIM swapping attacks), but better than no MFA.

Key exam facts — A+

Screen lock strength order: Swipe < Pattern < PIN < Password (complexity-based security)
Biometrics: fingerprint/face recognize the person — fast but can be bypassed; password cannot
Full-device encryption: default on modern iOS and Android; tied to screen lock PIN
Remote wipe: Find My (Apple), Find My Device (Google), MDM — requires internet connection to receive command
MDM enrollment: corporate-owned (COPE) vs BYOD — selective wipe removes only corporate data
TOTP (Authenticator app): time-based 6-digit code, more secure than SMS for MFA
MDM can enforce: PIN complexity, encryption, app restrictions, camera disable, geo-fencing

Common exam traps

A factory reset makes device data unrecoverable on older Android devices

Older Android devices (pre-Android 6.0 without default encryption) did not encrypt data — factory reset removed the file pointers but data could potentially be recovered with forensic tools. Modern devices with encryption (Android 6.0+, all iPhones) destroy the encryption key on factory reset, making data truly unrecoverable. Always verify encryption is enabled before relying on factory reset for data destruction

Practice questions — Mobile Device Security

These questions are representative of what you will see on A+ exams. The correct answer and explanation are shown immediately below each question.

Q1.A company allows employees to use personal smartphones to access corporate email (BYOD). The MDM policy must protect corporate data without erasing personal photos and apps if a device is reported lost. Which MDM capability provides this?

A.Full remote wipe

B.Selective wipe (remove corporate data only)

C.Screen lock enforcement

D.Device encryption

Explanation: Selective wipe removes only the corporate data container (email, contacts, corporate apps, configurations) from a BYOD device while leaving personal data (photos, personal apps, personal email) intact. Full remote wipe erases everything — inappropriate for BYOD since it destroys the employee's personal data. Screen lock and encryption protect data at rest but don't control data removal. Selective wipe is the key BYOD data protection feature.

Frequently asked questions — Mobile Device Security

What is the difference between remote lock and remote wipe?

Remote lock immediately locks the device (requires PIN to unlock) without erasing data — useful if you think you've simply misplaced the device. You can also put it in 'Lost Mode' which displays a contact number on the lock screen. Remote wipe erases all data on the device — a drastic, irreversible action for when the device is confirmed stolen or compromised. Always try remote lock first; only escalate to remote wipe when certain the device cannot be recovered.

Practice this topic

A+practice questions

Test yourself on Mobile Device Security

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime