A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?
A.
Prohibiting removable media
B.
Incorporating a full-disk encryption system
C.
Biometric controls on data center entry points
D.
A host-based intrusion detection system
Explanation:
Full disk encryption can be used to encrypt an entire volume with 128-bit encryption. When the entire
volume is encrypted, the data is not accessible to someone who might boot another operating system in
an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive
encryption. This would be best to protect data that is at rest.
Incorrect Answers:
A: Prohibiting removable media is not working with data at rest.
C: Biometrics are used mainly as a physical security control and to control access to resources. Data at
rest is best protected with a full-disk encryption system.
D: Intrusion detection systems are used as a physical security measure and not a data protection
measure.Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, p. 290
I think, it should be A, according to the description of steam ciphers.
Stream ciphers encrypt data a single bit, or a single byte, at a time in a stream.
Block ciphers encrypt data in a specific-sized block such as 64-bit or
128-bit blocks.
0
0