Security+ Section 7.4.10 Quiz
You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system. Which solution should you choose?
BitLocker -BitLocker is a Microsoft security solution that encrypts the entire contents of a hard drive, protecting all files on the disk. BitLocker uses a special key that is required to unlock the hard disk. You cannot unlock/decrypt a drive simply by moving it to another computer.
You create a new document and save it to a hard drive on a file server on your company's network. Then you employ an encryption tool to encrypt the file using AES. This activity is an example of accomplishing which security goal?
Confidentiality - Encrypting a file while it is stored on a hard drive is usually done to provide protection for the object's confidentiality.
Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?
DRA - If a user account becomes corrupted or the password is forgotten, any encrypted files are lost. To help remedy this, a data recovery agent (DRA) can be set up. The DRA is simply another account that can decrypt the encrypted files.
You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files. What should you do?
Implement BitLocker without a TPM. - If you use BitLocker without a TPM, system integrity checks are not performed. The TPM is required for saving the startup file information that is used to verify system integrity. When using BitLocker without a TPM, you must use a startup key on a USB device. When using a TPM, this is an optional configuration.
You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol. What happens to the file's encryption?
The file is unencrypted when moved. - A file is automatically unencrypted when you copy it over a network using the SMB Protocol.
Which of the following database encryption methods encrypts the entire database and all backups?
Transparent Data Encryption (TDE) - Transparent Data Encryption (TDE) encrypts the entire database and all backups. TDE: encrypts data at rest, which is data not being currently used. is called transparent because when an authorized user needs to access the data, it is automatically decrypted so the user does not see the process or need to do anything extra.
Which of the following security solutions would prevent a user from reading a file that she did not create?
EFS - EFS is a Windows file encryption option that encrypts individual files so that only the user who created the file can open it. Decryption is automatic when the file owner opens it. Other users cannot open the encrypted file unless specifically authorized.
You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device. What should you do?
Enable the TPM in the BIOS. - When a system boots, the startup key is required to unlock the encrypted volume. The system startup key can be saved in the Trusted Platform Module (TPM). With the startup key saved in the TPM, the system can start without additional intervention.
Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?
GPG - GNU Privacy Guard (GPG) is a command line utility that's used to encrypt and decrypt data and messages. GPG is a open source utility and can be used on many different systems, including Windows, Linux, Android, and Apple's OS X.
You've used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you've used an external USB flash drive to store the BitLocker startup key. You use EFS to encrypt the C:\Secrets folder and its contents. Which of the following is true in this scenario? (Select two.)
If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state. By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.
