CompTIA Security+ Question H-26

Which of the following does full disk encryption prevent?

A. Client side attacks
B. Clear text access
C. Database theft
D. Network-based attacks

Answer: B

Explanation:
Full-disk encryption encrypts the data on the device. This feature ensures that the data on the device cannot be accessed in a useable form should the device be stolen.

CompTIA Security+ Question G-56

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests.
Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system

Answer: C

Explanation:
A Hardware Security Module (HSM) is a hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can store cryptographic keys, passwords, or certificates.

CompTIA Security+ Question G-53

After copying a sensitive document from his desktop to a flash drive, Peter, a user, realizes that the document is no longer encrypted. Which of the following can a security technician implement to ensure that documents stored on Peter’s desktop remain encrypted when moved to external media or other network based storage?

A. Whole disk encryption
B. Removable disk encryption
C. Database record level encryption
D. File level encryption

Answer: D

Explanation:
Encryption is used to ensure the confidentiality of information. In this case you should make use of file level encryption. File level encryption is a form of disk encryption where individual files or directories are encrypted by the file system itself. This is in contrast to full disk encryption where the entire partition or disk, in which the file system resides, is encrypted.

CompTIA Security+ Question G-40

Configuring the mode, encryption methods, and security associations are part of which of the following?

A. IPSec
B. Full disk encryption
C. 802.1x
D. PKI

Answer: A

Explanation:
IPSec can operate in tunnel mode or transport mode. It uses symmetric cryptography to provide encryption security. Furthermore, it makes use of Internet Security Association and Key Management Protocol (ISAKMP).

CompTIA Security+ Question C-56

A team of firewall administrators have access to a 'master password list' containing service account passwords. Which of the following BEST protects the master password list?

A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption

Answer: A

Explanation:
File encryption can be used to protect the contents of individual files. It uses a randomly generated symmetric encryption key for the file and stores that key, encrypted with the user's public key, on the encrypted file.

CompTIA Security+ Question B-8

An administrator wants to ensure that the reclaimed space of a hard drive has been sanitized while the computer is in use. Which of the following can be implemented?

A. Cluster tip wiping
B. Individual file encryption
C. Full disk encryption
D. Storage retention

Answer: A

Explanation:
A computer hard disk is divided into small segments called clusters. A file usually spans several clusters but rarely fills the last cluster; the unfilled remainder of that cluster is called the cluster tip. This cluster tip area may contain file data, because the size of the file you are working with may grow or shrink, and so it needs to be securely deleted.