CompTIA Security+ Question F-43

Which of the following is built into the hardware of most laptops but is not setup for centralized management by default?

A. Whole disk encryption
B. TPM encryption
C. USB encryption
D. Individual file encryption

Answer: B

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question F-25

Which of the following is the BEST method for ensuring all files and folders are encrypted on all corporate laptops where the file structures are unknown?

A. Folder encryption
B. File encryption
C. Whole disk encryption
D. Steganography

Answer: C

Explanation:
Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen. Furthermore, full-disk encryption is not dependant on knowledge of the file structure.

CompTIA Security+ Question E-64

Which of the following is a way to implement a technical control to mitigate data loss in case of a mobile device theft?

A. Disk encryption
B. Encryption policy
C. Solid state drive
D. Mobile device policy

Answer: A

Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question E-23

Several departments in a corporation have a critical need for routinely moving data from one system to another using removable storage devices. Senior management is concerned with data loss and the introduction of malware on the network. Which of the following choices BEST mitigates the range of risks associated with the continued use of removable storage devices?

A. Remote wiping enabled for all removable storage devices
B. Full-disk encryption enabled for all removable storage devices
C. A well defined acceptable use policy
D. A policy which details controls on removable storage use

Answer: D

Explanation:
Removable storage is both a benefit and a risk and since not all mobile devices support removable storage, the company has to has a comprehensive policy which details the controls of the use of removable s to mitigate the range of risks that are associated with the use of these devices.

CompTIA Security+ Question C-56

A team of firewall administrators have access to a `master password list’ containing service account passwords. Which of the following BEST protects the master password list?

A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption

Answer: A

Explanation:
File encryption can be used to protect the contents of individual files. It uses randomly generated symmetric encryption keys for the file and stores the key in an encrypted form using the user’s public key on the encrypted file.

CompTIA Security+ Question C-18

Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

A. Database encryption
B. USB encryption
C. Whole disk encryption
D. TPM

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question B-8

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention

Answer: A

Explanation:
A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster, which is called cluster tip. This cluster tip area may contain file data because the size of the file you are working with may grow or shrink and needs to be securely deleted.