CAS-002 · Question #211
CAS-002 Question #211: Real Exam Question with Answer & Explanation
The correct answer is B: Full disk encryption. Full disk encryption (FDE) is the most critical control here. Since 95% of employees work remotely and their laptops cache sensitive PII and financial data locally, the primary risk is physical theft or loss of a device. FDE ensures that even if a laptop is stolen, the data store
Question
Options
- ATrusted operating systems
- BFull disk encryption
- CHost-based firewalls
- DCommand shell restrictions
Explanation
Full disk encryption (FDE) is the most critical control here. Since 95% of employees work remotely and their laptops cache sensitive PII and financial data locally, the primary risk is physical theft or loss of a device. FDE ensures that even if a laptop is stolen, the data stored on it remains unreadable without the decryption key. The other options-trusted operating systems (A), host-based firewalls (C), and command shell restrictions (D)-are valid security controls but address different threat vectors (OS integrity, network-level threats, and unauthorized command execution, respectively). None of them protect data at rest on a lost or stolen device. The explicit mention of 'local caches of data being manipulated' is the key clue pointing to encryption as the required control.
Community Discussion
No community discussion yet for this question.