nerdexam
ExamsCAS-003Questions#730
CompTIA

CAS-003 · Question #730

CAS-003 Question #730: Real Exam Question with Answer & Explanation

The correct answer is A: Access control lists. TPM (Trusted Platform Module) with sealed storage (D) is the correct control for this threat. The TPM ties the encryption keys to specific hardware measurements (PCR values). If the drive is removed and inserted into a different host, the TPM on the new machine will not have the

Question

An administrator wants to ensure hard drives cannot be removed from hosts and men installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

Options

  • AAccess control lists
  • BTACACS+ server for AAA
  • CFile-level encryption
  • DTPM with sealed storage

Explanation

TPM (Trusted Platform Module) with sealed storage (D) is the correct control for this threat. The TPM ties the encryption keys to specific hardware measurements (PCR values). If the drive is removed and inserted into a different host, the TPM on the new machine will not have the matching keys, so the data remains unreadable. Access Control Lists (A) are enforced by the operating system - once a drive is removed and mounted on another OS, ACLs are irrelevant. File-level encryption (C) can protect data but does not inherently bind keys to specific hardware. TACACS+ (B) handles authentication for network devices and does not address physical disk removal.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-003 Practice