CompTIA Security Plus Mock Test Q918

One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?

A. File level encryption with alphanumeric passwords
B. Biometric authentication and cloud storage
C. Whole disk encryption with two-factor authentication
D. BIOS passwords and two-factor authentication

Correct Answer: C
Section: Access Control and Identity Management

Explanation
Explanation/Reference:
Whole-disk encryption only provides reasonable protection when the system is fully powered off. to make the most of the defensive strength of whole-disk encryption, a long, complex
passphrase should be used to unlock the system on bootup. Combining whole-disk encryption with two factor authentication would further increase protection.

Incorrect Answers:
A: configuring file level encryption with alphanumeric passwords would still allow thieves access to the system, and time to crack the password.
B: Biometric authentication and cloud storage would work, but the question requires a basic solution.
D: BIOS passwords are easily removed by removing the CMOS battery, allowing a thief to power up the laptop. Once powered on, the thief can crack passwords at their leisure.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 252, 282

How to Bypass or Remove a BIOS Password