CompTIA Security+ Question J-50

The system administrator notices that their application is no longer able to keep up with the large amounts of traffic their server is receiving daily. Several packets are dropped and sometimes the server is taken offline. Which of the following would be a possible solution to look into to ensure their application remains secure and available?

A. Cloud computing
B. Full disk encryption
C. Data Loss Prevention
D. HSM

Answer: A

Explanation:
Cloud computing means hosting services and data on the Internet instead of hosting it locally. There is thus no issue when the company’s server is taken offline.

CompTIA Security+ Question I-43

A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?

A. Prohibiting removable media
B. Incorporating a full-disk encryption system
C. Biometric controls on data center entry points
D. A host-based intrusion detection system

Answer: B

Explanation:
Full disk encryption can be used to encrypt an entire volume with 128-bit encryption. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption. This would be best to protect data that is at rest.

CompTIA Security+ Question I-17

Which of the following should be enabled in a laptop’s BIOS prior to full disk encryption?

A. USB
B. HSM
C. RAID
D. TPM

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question H-66

Full disk encryption is MOST effective against which of the following threats?

A. Denial of service by data destruction
B. Eavesdropping emanations
C. Malicious code
D. Theft of hardware

Answer: D

Explanation:
Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen. However, it does not prevent the theft of hardware it only protects data should the device be stolen.

CompTIA Security+ Question H-26

Which of the following does full disk encryption prevent?

A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks

Answer: B

Explanation:
Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question G-82

The systems administrator wishes to implement a hardware-based encryption method that could also be used to sign code. They can achieve this by:

A. Utilizing the already present TPM.
B. Configuring secure application sandboxes.
C. Enforcing whole disk encryption.
D. Moving data and applications into the cloud.

Answer: A

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question G-56

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests.
Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system

Answer: C

Explanation:
Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates.

CompTIA Security+ Question G-53

After copying a sensitive document from his desktop to a flash drive, Peter, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Peter’s desktop remain encrypted when moved to external media or other network based storage?

A. Whole disk encryption
B. Removable disk encryption
C. Database record level encryption
D. File level encryption

Answer: D

Explanation:
Encryption is used to ensure the confidentiality of information. In this case you should make use of file level encryption. File level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

CompTIA Security+ Question G-40

Configuring the mode, encryption methods, and security associations are part of which of the following?

A. IPSec
B. Full disk encryption
C. 802.1x
D. PKI

Answer: A

Explanation:
IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP).