During an internal penetration test you discover that the company's MobileIron server is running in an "open enrollment" mode for Android: any handset that browses to the public enrollment URL and supplies a valid corporate e-mail address immediately receives the full Mobile Device Management profile. What is the primary security risk introduced by this configuration flaw?
An attacker can disable Google Play Protect on enrolled devices and silently install apps from the public Play Store.
An attacker can trigger CVE-2019-2215 on all enrolled devices to gain kernel-level root without further user interaction.
An attacker can remotely brute-force the screen-lock PIN of already-enrolled devices through the MDM console.
An attacker can enroll a personal device and automatically obtain enterprise Wi-Fi, VPN, and application configurations, giving unauthorized network access.
Because the profile that is pushed to a newly enrolled device contains corporate certificates, VPN tunnels, Wi-Fi pre-shared keys, and internally signed applications, an attacker who self-registers a personal phone can gain authenticated access to the organization's private network and data. The remaining options describe attacks that are not created by open enrollment alone: MobileIron does not permit remote brute-forcing of device PINs, kernel vulnerabilities such as CVE-2019-2215 are unrelated to MDM settings, and Google Play Protect is not disabled merely by joining the MDM.
Certified Ethical Hacker (CEH)
Mobile Platform, IoT, and OT Hacking