CISSP Question #1009: Real Exam Question with Answer & Explanation

Question

A security professional needs to find a secure and efficient method of encrypting data on an endpoint. Which solution includes a root key?

Options

• ABitlocker
• BTrusted Platform Module (TPM)
• CVirtual storage array network (VSAN)
• DHardware security module (HSM)

Explanation

BitLocker uses a root key hierarchy to protect volume encryption keys, making it the endpoint encryption solution that specifically incorporates a root key structure.

Common mistakes.

• B. The Trusted Platform Module (TPM) is a hardware chip that stores cryptographic keys and can assist BitLocker, but it is a secure storage component rather than an encryption solution that itself includes a root key hierarchy for data encryption.
• C. A Virtual Storage Area Network (VSAN) is a virtualized storage networking technology used for pooling storage resources across a network and is not an endpoint encryption solution nor does it inherently include a root key.
• D. A Hardware Security Module (HSM) is a physical device used to manage and safeguard cryptographic keys for servers and applications, but it is not an endpoint data encryption solution and does not itself define a root key structure for encrypting endpoint data.

Concept tested. BitLocker endpoint encryption key hierarchy

Reference. https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview

No community discussion yet for this question.