CompTIA
SY0-301 · Question #482
SY0-301 Question #482: Real Exam Question with Answer & Explanation
The correct answer is C: Whole disk encryption with two-factor authentication. Whole disk encryption combined with two-factor authentication is the most comprehensive protection for data on a stolen laptop because it renders all data unreadable without both the encryption key and a second authentication factor.
Question
One of the most basic ways to protect the confidentiality of data on a laptop in the event the device is physically stolen is to implement which of the following?
Options
- AFile level encryption with alphanumeric passwords
- BBiometric authentication and cloud storage
- CWhole disk encryption with two-factor authentication
- DBIOS passwords and two-factor authentication
Explanation
Whole disk encryption combined with two-factor authentication is the most comprehensive protection for data on a stolen laptop because it renders all data unreadable without both the encryption key and a second authentication factor.
Common mistakes.
- A. File-level encryption only protects specific files or folders, leaving the operating system, swap files, temporary files, and unencrypted files exposed if the drive is physically removed.
- B. Biometric authentication secures login but does not protect data stored locally on the drive if the disk is extracted and read directly; cloud storage does not protect data that remains on the local drive.
- D. BIOS passwords can be bypassed by resetting CMOS or removing the drive and attaching it to another system, and they do not encrypt any data on the disk itself.
Concept tested. Whole disk encryption for physical theft protection
Community Discussion
No community discussion yet for this question.