CompTIA Security+ Question J-22

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.

Answer: D

Explanation:
The concern for preventing data loss is the concern for maintaining data confidentiality. This can

be accomplished through encryption, access controls, and steganography. USB encryption is usually provided by the vendor of the USB device. It is not included on all USB devices.

CompTIA Security+ Question F-43

Which of the following is built into the hardware of most laptops but is not setup for centralized management by default?

A. Whole disk encryption
B. TPM encryption
C. USB encryption
D. Individual file encryption

Answer: B

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.

CompTIA Security+ Question C-56

A team of firewall administrators have access to a `master password list’ containing service account passwords. Which of the following BEST protects the master password list?

A. File encryption
B. Password hashing
C. USB encryption
D. Full disk encryption

Answer: A

Explanation:
File encryption can be used to protect the contents of individual files. It uses randomly generated symmetric encryption keys for the file and stores the key in an encrypted form using the user’s public key on the encrypted file.

CompTIA Security+ Question C-18

Which of the following hardware based encryption devices is used as a part of multi-factor authentication to access a secured computing system?

A. Database encryption
B. USB encryption
C. Whole disk encryption
D. TPM

Answer: D

Explanation:
Trusted Platform Module (TPM) is a hardware-based encryption solution that is embedded in the system’s motherboard and is enabled or disable in BIOS. It helps with hash key generation and stores cryptographic keys, passwords, or certificates.