SY0-701 · Question #387
SY0-701 Question #387: Real Exam Question with Answer & Explanation
The correct answer is A: Disk encryption. Disk encryption directly protects data at rest by rendering the entire drive unreadable without the correct credentials - if a laptop is stolen, the attacker cannot access the data even by removing the drive and attaching it to another machine. Data Loss Prevention (B) focuses on
Question
A security administrator is working to secure company data on corporate laptops in case the laptops are stolen. Which of the following solutions should the administrator consider?
Options
- ADisk encryption
- BData loss prevention
- COperating system hardening
- DBoot security
Explanation
Disk encryption directly protects data at rest by rendering the entire drive unreadable without the correct credentials - if a laptop is stolen, the attacker cannot access the data even by removing the drive and attaching it to another machine.
Data Loss Prevention (B) focuses on preventing sensitive data from leaving the organization via channels like email or USB, not on protecting data if a physical device is stolen. OS hardening (C) reduces attack surface by disabling unnecessary services and applying patches, but a thief bypasses the OS entirely by mounting the drive externally. Boot security (D) (e.g., Secure Boot) ensures only trusted software runs at startup, but it doesn't prevent someone from reading raw disk data through another system.
Memory tip: Think "stolen laptop = no OS, no network, just a raw drive." Only encryption protects data at the storage layer, which is the only layer still relevant once physical control is lost.
Topics
Community Discussion
No community discussion yet for this question.