Matt, a security analyst, needs to implement encryption for company data and also prevent theft of
company data. Where and how should Matt meet this requirement?
A.
Matt should implement access control lists and turn on EFS.
B.
Matt should implement DLP and encrypt the company database.
C.
Matt should install Truecrypt and encrypt the company server.
D.
Matt should install TPMs and encrypt the company database.
Another badly written question.
At the end of the day, Matt needs to meet two requirements: (a) Encrypt data and (b) prevent data theft
The question remains: Is it “data at rest” or “data in transit” we are talking about? Or both?. Both need to be encrypted as both can be stolen, but we do not have the foggest idea which data Matt is talking about.
Whatever we choose, it must meet both requirements
Now for a few definitions:
• ACL – Access Control Lists
• EFS- Encrypting File System
• DLP – Data Loss Protection
• TrueCrypt – TrueCrypt is a discontinued source-available freeware utility used for on-the-fly encryption.
• TPM- Trusted Platfomrm Module – is a computer chip (microcontroller) that can securely store artifacts used to authenticate the platform (your PC or laptop). These artifacts can include passwords, certificates, or encryption keys.
Now for the incorrect answers:
A- Matt should implement access control lists and turn on EFS.
This only meets one requirement, namely EFS- Encrypting File System. Yet it does not prevent data theft. Also, EFS isn’t designed to protect data while it’s transferred from one system to another. This means that EFS is not good for data in transit ( having said that, Amazon is working on it).
C- Matt should install Truecrypt and encrypt the company server.
Why use a discontinued, legacy application?. It also implies that this company only has one server. Just one? There are many servers with “data” in it such Data server, Exchange Server, SQL Server, etc. They all need protecting.
Also, this would only provide encryption but would not assist with data theft.
D- Matt should install TPMs and encrypt the company database.
LOL. TPMs do not need to be installed. They are a part of the hardware.
TPM drivers are natively supported in modern kernels (but might need to be loaded) . This again only meets one requirement (encryption)
So “B- Matt should implement DLP and encrypt the company database.” is really the best answer.
Requirement (B) is met by Data loss prevention (DLP): It monitor the contents of systems (workstations, servers, and networks) to make sure that key content is not deleted or removed. They also monitor who is using the data (looking for unauthorized access) and transmitting the data.
Requirement (a) is met by “Encryption” of the company “database”.
Here again we have a company with just one “server” and one “database”.
Yet B remains the best answer.
0
0