CompTIA
SY0-301 · Question #430
SY0-301 Question #430: Real Exam Question with Answer & Explanation
The correct answer is A: File encryption. File encryption directly protects the specific sensitive file containing the master password list, ensuring it cannot be read even by users with filesystem or disk access.
Question
A team of firewall administrators have access to a `master password list' containing service account passwords. Which of the following BEST protects the master password list?
Options
- AFile encryption
- BPassword hashing
- CUSB encryption
- DFull disk encryption
Explanation
File encryption directly protects the specific sensitive file containing the master password list, ensuring it cannot be read even by users with filesystem or disk access.
Common mistakes.
- B. Hashing the passwords within the list would make individual passwords non-recoverable for their intended use as service account credentials, rendering the master password list non-functional.
- C. USB encryption only protects the file if it is stored on that specific encrypted USB drive and provides no protection when the file is copied to or accessed from a different storage location.
- D. Full disk encryption protects all data on a volume from physical theft but does not protect the file from any user or process that has authenticated access to the running operating system.
Concept tested. File encryption for protecting sensitive credential files
Reference. https://csrc.nist.gov/publications/detail/sp/800-111/final
Community Discussion
No community discussion yet for this question.