nerdexam
(ISC)2

CISSP · Question #1009

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

The correct answer is A. Bitlocker. BitLocker uses a root key hierarchy to protect volume encryption keys, making it the endpoint encryption solution that specifically incorporates a root key structure.

Submitted by zhang_li· Mar 5, 2026Asset Security

Question

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

Options

  • ABitlocker
  • BTrusted Platform Module (TPM)
  • CVirtual storage array network (VSAN)
  • DHardware security module (HSM)

How the community answered

(58 responses)
  • A
    83% (48)
  • B
    10% (6)
  • C
    5% (3)
  • D
    2% (1)

Why each option

BitLocker uses a root key hierarchy to protect volume encryption keys, making it the endpoint encryption solution that specifically incorporates a root key structure.

ABitlockerCorrect

BitLocker employs a key hierarchy that includes a Volume Master Key (VMK) protected by a root key, which can be stored in a TPM or as a recovery key. This root key structure ensures that the encryption keys are securely wrapped and only accessible under authorized conditions, providing both security and efficiency for endpoint disk encryption.

BTrusted Platform Module (TPM)

The Trusted Platform Module (TPM) is a hardware chip that stores cryptographic keys and can assist BitLocker, but it is a secure storage component rather than an encryption solution that itself includes a root key hierarchy for data encryption.

CVirtual storage array network (VSAN)

A Virtual Storage Area Network (VSAN) is a virtualized storage networking technology used for pooling storage resources across a network and is not an endpoint encryption solution nor does it inherently include a root key.

DHardware security module (HSM)

A Hardware Security Module (HSM) is a physical device used to manage and safeguard cryptographic keys for servers and applications, but it is not an endpoint data encryption solution and does not itself define a root key structure for encrypting endpoint data.

Concept tested: BitLocker endpoint encryption key hierarchy

Source: https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview

Topics

#endpoint encryption#BitLocker#root key#data at rest encryption

Community Discussion

No community discussion yet for this question.

Full CISSP Practice