CompTIA Security Plus Mock Test Q981

A security administrator has deployed all laptops with Self Encrypting Drives (SED) and enforces key encryption. Which of the following represents the greatest threat to maintaining data confidentiality with these devices?

A. Full data access can be obtained by connecting the drive to a SATA or USB adapter bypassing the SED hardware.
B. A malicious employee can gain the SED encryption keys through software extraction allowing access to other laptops.
C. If the laptop does not use a Secure Boot BIOS, the SED hardware is not enabled allowing full data access.
D. Laptops that are placed in a sleep mode allow full data access when powered back on.

Correct Answer: D
Section: Access Control and Identity Management

Explanation:
Hardware-based encryption, when built into the drive, is transparent to the user. Except for bootup authentication, the drive operates just like any other drive, with no degradation in performance. When the computer is started up, the user is prompted to enter a password to allow the system to boot and allow access to the encrypted drive.
When a laptop is placed into sleep mode (also known as standby mode), the computer is placed into a low power mode. In sleep mode, the computer is not fully shut down. The screen is turned off, the hard disks are turned off and the CPU is throttled down to its lowest power state. However, the computer state is maintained in memory (RAM).
Most computers can be ‘woken’ from sleep mode by pressing any key on the keyboard or pressing the power button. The computer can be configured to require a password on wake up, but if a password is not required, the computer will wake up and be logged in as it was at the time of going into sleep mode. This would enable full access to the data stored on the disks.

Incorrect Answers:
A: You cannot access the data by connecting the drive to a SATA or USB adapter. Only the encryption key in the laptop’s hard disk controller can enable access to the disk. Therefore, this answer is incorrect.
B: Every laptop will have a different encryption key so one key will not enable access to other disk drives. Therefore, this answer is incorrect.
C: A Secure Boot BIOS is not required for self-encrypting disks.

References:
https://en.wikipedia.org/wiki/Hardware-based_full_disk_encryption