CompTIA Security Plus Mock Test Q712

An organization must implement controls to protect the confidentiality of its most sensitive data. The company is currently using a central storage system and group based access control for its sensitive information. Which of the following controls can further secure the data in the central storage system?

A. Data encryption
B. Patching the system
C. Digital signatures
D. File hashing


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Data encryption makes data unreadable to anyone who does not have the required key to decrypt the data. The question states that the sensitive data is stored on a central storage
system. Group based access control is used to control who can access the sensitive data. However, this offers no physical security for the data. Someone could steal the central
storage system or remove the hard disks from it with the plan of placing the hard disks into another system to read the data on the disks. With the data encrypted, the data would be
unreadable.

Incorrect Answers:
B: The question states that the sensitive data is stored on a central storage system (such as a SAN). A SAN typically does not need patching. Even if the storage was attached to a
system that did need patching (such as a file server), patching the system would still provide no protection against the removal of the hard disks containing the data.
C: A digital signature is a mathematical technique used to validate the authenticity and integrity of a message, software, or digital document. Digital signatures would not further secure
the data in the central storage system.
D: File hashing is used to ensure that the version of the file a user receives has not been tampered with when accessing files over a network. It is not used to secure files on a storage
system.