CompTIA Security Plus Mock Test Q836

A security administrator has implemented a policy to prevent data loss. Which of the following is the BEST method of enforcement?

A. Internet networks can be accessed via personally-owned computers.
B. Data can only be stored on local workstations.
C. Wi-Fi networks should use WEP encryption by default.
D. Only USB devices supporting encryption are to be used.

Correct Answer: D
Section: Application, Data and Host Security

Explanation:
The concern for preventing data loss is the concern for maintaining data confidentiality. This can be accomplished through encryption, access controls, and steganography.
USB encryption is usually provided by the vendor of the USB device. It is not included on all USB devices.

Incorrect Answers:
A: Allowing personally-owned computers to access the intranet or internet would not prevent data loss. Allowing them to access the intranet would increase the risk of data loss while
allowing them to access the internet would be of no consequence.
B: Storing data on local workstations does not reduce the risk of data loss as the data can still be accessed if it is not encrypted.
C: Wired Equivalent Privacy (WEP) is the original wireless encryption standard that has inherent weakness and has been replaced by WiFi Protected Access (WPA). The current
version of WPA is WPA2.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 148, 331