CompTIA Security Plus Mock Test Q426

A system administrator has been instructed by the head of security to protect their data at-rest. Which of the following would provide the strongest protection?

A. Prohibiting removable media
B. Incorporating a full-disk encryption system
C. Biometric controls on data center entry points
D. A host-based intrusion detection system

Correct Answer: B
Section: Compliance and Operational Security

Full disk encryption can be used to encrypt an entire volume with 128-bit encryption. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is sometimes referred to as hard drive encryption. This would be best to protect data that is at rest.

Incorrect Answers:
A: Prohibiting removable media is not working with data at rest.
C: Biometrics are used mainly as a physical security control and to control access to resources. Data at rest is best protected with a full-disk encryption system.
D: Intrusion detection systems are used as a physical security measure and not a data protection measure.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 290