Matt, a security analyst, needs to implement encryption for company data and also prevent theft of
company data. Where and how should Matt meet this requirement?

A.
Matt should implement access control lists and turn on EFS.

B.
Matt should implement DLP and encrypt the company database.

C.
Matt should install Truecrypt and encrypt the company server.

D.
Matt should install TPMs and encrypt the company database.

Explanation:
Data loss prevention (DLP) systems monitor the contents of systems (workstations, servers, and
networks) to make sure that key content is not deleted or removed. They also monitor who is using the
data (looking for unauthorized access) and transmitting the data. Encryption is used to protect data.
Incorrect Answers:
A: ACLs will enable devices in your network to ignore requests from specified users or to grant them
access to certain network capabilities and EFS can also be used to help in risk mitigation. However Matt is
supposed to employ encryption and prevent theft of company data.
C: TrueCrypt is used to encrypt hard drives and partitions. Data is software and Truecrypt is used for
hardware encryption.
D: TPM can be used to assist with hash key generation, bu that is just it, it is hardware encryption, not
data encryption per se.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 14-18, 156, 238, 290