Exam SK0-005 topic 1 question 6 discussion

Chat GPT: While encrypting hard drives is an excellent data loss prevention (DLP) strategy, it is equally important to secure access to the servers where encrypted data is stored. Implementing Multi-Factor Authentication (MFA) ensures that even if an unauthorized user gains access to credentials, they will still need a second authentication factor (e.g., a mobile app code, hardware token, or biometric data) to access the server. This adds an essential layer of security to protect sensitive data.

A is the only real DLP option presented. B is access control which is part of DLP, but the big-3 of DLP are protecting Data at Rest (server), Data in Transit (network) and Data in Use (user-end). C and D are also more about access control and network segmentation than they are about preventing data loss.

Port security is a vital component of network security that helps protect network ports from unauthorized access and potential security threats. By implementing robust port security measures, organizations can safeguard sensitive data, maintain network integrity, and ensure compliance with regulatory requirements. Port security is the more correct answer where it is giving you an answer. A is correct, but vague. The question is hinting at Data in transit, as it is giving you the other end of the scenario already.

Another BS CompTIA question....

Answer A

B is correct because MFA is the next step to prevent data loss Prevention.

We're looking at Data Loss Prevention here - which is "removing" data from where it is supposed to stay, not accessing data when we are not supposed to - Blocking USB media (Flash drives, thumb drives, external hard drives, etc) would prevent copying ("removing") data from the network.

no aaaa corrcet

bbbbbbbbbbbbbbbb

I believe D is it. Of the options, this is the only one that strikes me as a method. Study up the differences in strategy vs method

There are two different times when data encryption protects information: when the data is in transit across the network or at rest on the drive. The Official CompTIA Server+ Study Guide (Exam SK0-005) page 214. You have implemented "Data at rest" and then you should do "Data in transit".

I wouldn't choose 'A' because not all network traffic needs to be encrypted, Client-Client or Traffic over the internet encryption seems wild. No need for 'B' since it is already encrypted. 'C'... If you do that then no USBs are usable and that's needed for a lot of things. Which leaves 'D' to be the most logical answer.

You should not have physical access to the ports so I would look at data in motion (network traffic)

Reviewed answers again and took back my last answer (C) Answer seems to be A. The company encrypted data "at rest", so they need to encrypt data "in transit".

I think C is correct.

I think the correct answer might be A or C. If data is to be encrypted at rest, it probably should be encrypted at rest as well. Or you might block USB drives to avoid data being exfiltrated. Even if the USB drives are encrypted they still represent a risk because data could be efiltrated via USB drive

Wouldnt Port Security be considered Technical rather than Preventative? The question itself says 'encrypt data at rest as a preventative' why wouldnt encrypt data in transit be considered a preventative??