CompTIA Security+ Question L-71

A company is preparing to decommission an offline, non-networked root certificate server. Before sending the server’s drives to be destroyed by a contracted company, the Chief Security Officer (CSO) wants to be certain that the data will not be accessed. Which of the following, if implemented, would BEST reassure the CSO? (Select TWO).

A. Disk hashing procedures
B. Full disk encryption
C. Data retention policies
D. Disk wiping procedures
E. Removable media encryption

Answer: B,D

B: Full disk encryption is when the entire volume is encrypted; the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption.

D: Disk wiping is the process of overwriting data on the repeatedly, or using a magnet to alter the magnetic structure of the disks. This renders the data unreadable.

CompTIA Security+ Question L-65

Multi-tenancy is a concept found in which of the following?

A. Full disk encryption
B. Removable media
C. Cloud computing
D. Data loss prevention

Answer: C

One of the ways cloud computing is able to obtain cost efficiencies is by putting data from various clients on the same machines. This “multitenant” nature means that workloads from different clients can be on the same system, and a flaw in implementation could compromise security.

CompTIA Security+ Question K-86

To protect corporate data on removable media, a security policy should mandate that all removable devices use which of the following?

A. Full disk encryption
B. Application isolation
C. Digital rights management
D. Data execution prevention

Answer: A

Full-disk encryption encrypts the data on the hard drive of the device or on a removable drive. This feature ensures that the data on the device or removable drive cannot be accessed in a useable form should it be stolen.

CompTIA Security+ Question I-92

A Windows-based computer is infected with malware and is running too slowly to boot and run a malware scanner. Which of the following is the BEST way to run the malware scanner?

A. Kill all system processes
B. Enable the firewall
C. Boot from CD/USB
D. Disable the network connection

Answer: C

Antivirus companies frequently create boot discs you can use to scan and repair your computer. These tools can be burned to a CD or DVD or installed onto a USB drive. You can then restart your computer and boot from the removable media. A special antivirus environment will load where your computer can be scanned and repaired.

Incorrect Options:

A: Kill all system processes will stop system processes, and could have a negative effect on the system. It is not the BEST way to run the malware scanner

B: The basic purpose of a firewall is to isolate one network from another. It is not the BEST way to run the malware scanner.

D: Disabling the network connection will not allow for the BEST way to run the malware scanner.


Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 342

CompTIA Security+ Question I-87

Which of the following types of data encryption would Matt, a security administrator, use to encrypt a specific table?

A. Full disk
B. Individual files
C. Database
D. Removable media

Answer: C

A table is stored in a database. Database encryption makes use of cryptography functions that are built into the database software to encrypt the data stored in the database. This often offers granular encryption options which allows for the encryptions of the entire database, specific database tables, or specific database fields, such as a credit card number field.

CompTIA Security+ Question I-43

A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?

A. Prohibiting removable media
B. Incorporating a full-disk encryption system
C. Biometric controls on data center entry points
D. A host-based intrusion detection system

Answer: B

Full disk encryption can be used to encrypt an entire volume with 128-bit encryption. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption. This would be best to protect data that is at rest.

CompTIA Security+ Question H-35

Which of the following controls can be used to prevent the disclosure of sensitive information stored on a mobile device’s removable media in the event that the device is lost or stolen?

A. Hashing
B. Screen locks
C. Device password
D. Encryption

Answer: D

Encryption is used to ensure the confidentiality of information.

CompTIA Security+ Question G-56

An SSL/TLS private key is installed on a corporate web proxy in order to inspect HTTPS requests.
Which of the following describes how this private key should be stored so that it is protected from theft?

A. Implement full disk encryption
B. Store on encrypted removable media
C. Utilize a hardware security module
D. Store on web proxy file system

Answer: C

Hardware Security Module (HSM) hardware-based encryption solution that is usually used in conjunction with PKI to enhance security with certification authorities (CAs). It is available as an expansion card and can cryptographic keys, passwords, or certificates.

CompTIA Security+ Question F-97

A security administrator has concerns regarding employees saving data on company provided mobile devices. Which of the following would BEST address the administrator’s concerns?

A. Install a mobile application that tracks read and write functions on the device.
B. Create a company policy prohibiting the use of mobile devices for personal use.
C. Enable GPS functionality to track the location of the mobile devices.
D. Configure the devices so that removable media use is disabled.

Answer: D

Mobile devices can be plugged into computers where they appear as an additional disk in the same way as a USB drive. This is known as removable media. This would enable users to copy company data onto the mobile devices. By disabling removable media use, the users will not be able to copy data onto the mobile devices.

CompTIA Security+ Question C-93

Which of the following BEST explains the use of an HSM within the company servers?

A. Thumb drives present a significant threat which is mitigated by HSM.
B. Software encryption can perform multiple functions required by HSM.
C. Data loss by removable media can be prevented with DLP.
D. Hardware encryption is faster than software encryption.

Answer: D

Hardware Security Module (HSM) is a cryptoprocessor that can be used to enhance security. It provides a fast solution for the for large asymmetrical encryption calculations and is much faster than software-based cryptographic solutions.