CISSP · Question #1009
A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
The correct answer is A. Bitlocker. BitLocker uses a root key hierarchy to protect volume encryption keys, making it the endpoint encryption solution that specifically incorporates a root key structure.
Question
A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?
Options
- ABitlocker
- BTrusted Platform Module (TPM)
- CVirtual storage array network (VSAN)
- DHardware security module (HSM)
How the community answered
(58 responses)- A83% (48)
- B10% (6)
- C5% (3)
- D2% (1)
Why each option
BitLocker uses a root key hierarchy to protect volume encryption keys, making it the endpoint encryption solution that specifically incorporates a root key structure.
BitLocker employs a key hierarchy that includes a Volume Master Key (VMK) protected by a root key, which can be stored in a TPM or as a recovery key. This root key structure ensures that the encryption keys are securely wrapped and only accessible under authorized conditions, providing both security and efficiency for endpoint disk encryption.
The Trusted Platform Module (TPM) is a hardware chip that stores cryptographic keys and can assist BitLocker, but it is a secure storage component rather than an encryption solution that itself includes a root key hierarchy for data encryption.
A Virtual Storage Area Network (VSAN) is a virtualized storage networking technology used for pooling storage resources across a network and is not an endpoint encryption solution nor does it inherently include a root key.
A Hardware Security Module (HSM) is a physical device used to manage and safeguard cryptographic keys for servers and applications, but it is not an endpoint data encryption solution and does not itself define a root key structure for encrypting endpoint data.
Concept tested: BitLocker endpoint encryption key hierarchy
Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview
Topics
Community Discussion
No community discussion yet for this question.