Which of the following data security techniques will allow Matt, an IT security technician, to encrypt a
system with speed as its primary consideration?
A.
Hard drive encryption
Driving a van full of Micro SD cards from data center to data center to transfer data
B.
Infrastructure as a service
Exchanging VPN keys between each data center via an SSL connection and transferring the data in the
VPN
C.
Software based encryption
Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D.
Data loss prevention
Data loss prevention is the purpose of encryption; it is not a data security technique.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
QUESTION 115
A large corporation has data centers geographically distributed across multiple continents. The company
needs to securely transfer large amounts of data between the data center. The data transfer can beaccomplished physically or electronically, but must prevent eavesdropping while the data is on transit.
Which of the following represents the BEST cryptographic solution?
Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
D.
Data loss prevention
Data loss prevention is the purpose of encryption; it is not a data security technique.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
QUESTION 115
A large corporation has data centers geographically distributed across multiple continents. The company
needs to securely transfer large amounts of data between the data center. The data transfer can beaccomplished physically or electronically, but must prevent eavesdropping while the data is on transit.
Which of the following represents the BEST cryptographic solution?
Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
A.
Hard drive encryption
Driving a van full of Micro SD cards from data center to data center to transfer data
B.
Infrastructure as a service
Exchanging VPN keys between each data center via an SSL connection and transferring the data in the
VPN
C.
Software based encryption
Using a courier to deliver symmetric VPN keys to each data center and transferring data in the VPN
D.
Data loss prevention
Data loss prevention is the purpose of encryption; it is not a data security technique.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 418-419
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 236, 237
QUESTION 115
A large corporation has data centers geographically distributed across multiple continents. The company
needs to securely transfer large amounts of data between the data center. The data transfer can beaccomplished physically or electronically, but must prevent eavesdropping while the data is on transit.
Which of the following represents the BEST cryptographic solution?
Using PKI to encrypt each file and transferring them via an Internet based FTP or cloud server
Explanation:
Disk and device encryption encrypts the data on the device. This feature ensures that the data on the
device cannot be accessed in a useable form should the device be stolen. It should be implemented using
a hardware-based solution for greater speed.
Incorrect Answers:
B: The Infrastructure as a Service (IaaS) model is a cloud computing business model uses virtualization,
with the clients paying for resources used. It is not a data security technique.
C: Software based encryption is usually slower than hardware based encryption.A virtual private network (VPN) is an encrypted communication tunnel that connects two systems over an
untrusted network, such as the Internet. They provide security for both authentication and data
transmission through a process called encapsulation.
Secure Sockets Layer (SSL) can be used to exchange the VPN keys securely. SSL is used to establish secure
TCP communication between two machines by encrypting the communication.
Incorrect Answers:
A: The data centers are geographically distributed across multiple continents. This makes it difficult to
transport the data by driving a van.
C: Symmetrical keys are rendered useless when the key is stolen as the same key is used for encryption
and decryption.
D:
PKI can be used to encrypt the data but transferring the data via FTP or a cloud server is not advisable.
FTP is inherently insecure while cloud servers are used for storage.Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 45, 304-305,
310-311http://www.networkworld.com/article/2263539/compliance/vpn-security—-do-you-know-where-yourkeys-are-.html