7.4 File Encryption
File Encryption Key(FEK)
A pseudo-random number used with the AES encryption algorithm to encrypt files and folders in EFS.
Data Decryption Field(DDF)
A special location in a EFS encrypted file's header that stores the FEK.
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose? - BitLocker - EFS - VPN - IPsec
BitLocker
BitLocker
BitLocker is used to encrypt an entire volume. All data on the volume is protected even if the hard drive is moved to another computer.
Why would you create a Data Recovery Agent (DRA)?
Can be created and can decrypt any encrypted data drive on the network.
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal? - Confidentiality - Integrity - Non-repudiation - Availability
Confidentiality
Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted? - GPG - DRA - PGP - VPN
DRA
Which standard does Pretty Good Privacy (PGP) and GNU Privacy Guard (GPG) follow?
OpenPGP standard
Pretty Good Privacy
PGP is a commercial encryption program that is now owned by NortonLifeLock (previously Symantec). PGP is used by products that protect laptops, desktops, USB drives, optical media, and smart phones.
Data Recovery Agent
The DRA is an account that has been granted the right to decrypt files and folders on a EFS.
You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption? - The encryption inherits from the new location. - An encrypted file cannot be moved using SMB. - The file is unencrypted when moved. - The encryption carries over to the new location.
The file is unencrypted when moved.
Which of the following database encryption methods encrypts the entire database and all backups? - Bitlocker - Application-level - Transparent Data Encryption (TDE) - Column-level
Transparent Data Encryption (TDE)
What are three methods of database encryption?
Transparent Data Encryption (TDE), Column-level encryption, and Application-level encryption.
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.) - By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it. - If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will remain in an encrypted state. - The EFS encryption process will fail. -Any user who is able to boot the computer from the encrypted hard disk will be able to open the C:\Secrets\confidential.docx file. - Only the user who encrypted the C:\Secrets\confidential.docx file is able to boot the computer from the encrypted hard disk. - If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.
- By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it. - If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.
Which of the following security solutions would prevent a user from reading a file that she did not create? - EFS - VPN - IPsec
EFS
Encrypting File System
EFS provides a easy and seamless way for users to encrypt files on Windows computers. EFS is used to encrypt only individual files and folders.
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do? - Save the startup key to the boot partition. - Use a PIN instead of a startup key. - Enable the TPM in the BIOS. - Disable USB devices in the BIOS.
Enable the TPM in the BIOS.
Which editions of Windows include Encrypting File System (EFS)?
Every version of Windows since Windows 2000 except for in the Home editions.
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages? - IPsec - GPG - PGP - VPN
GPG
GNU Privacy Guard
GPG is an encryption tool that encrypts emails, digitally signs emails, and encrypts documents.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do? - Have each user encrypt the entire volume with EFS. - Have each user encrypt user files with EFS. - Implement BitLocker without a TPM. - Implement BitLocker with a TPM.
Implement BitLocker with a TPM.
What partition/volumes are created when implementing BitLocker?
system and boot partition
