An organization with a low tolerance for user inconvenience wants to protect laptop hard drives against loss or data theft. Which of the following would be the MOST acceptable?
A. SED (self-encrypting drive) would be the most acceptable option for an organization with a low tolerance for user inconvenience that wants to protect laptop hard drives against loss or data theft. SEDs are hardware-based encryption devices that automatically encrypt data on a hard drive without requiring any additional input or configuration from the user. This means that the user does not have to perform any additional steps to encrypt their data, which can help to prevent data loss or theft. By contrast, other options like HSM (hardware security module), DLP (data loss prevention), and TPM (trusted platform module) may require more user involvement and may not be as convenient for users.
I think I will go with D because of the key words "user inconvenience."
A TPM isn’t something you have to think about much. Your computer either has a TPM or it doesn’t — and modern computers generally will. An SED drive is an external drive connected to your laptop; that's a whole other situation.
"TPM is arguably more of a convenience feature. Storing the encryption keys in hardware allows a computer to automatically decrypt the drive, or decrypt it with a simple password. It’s more secure than simply storing that key on the disk, as an attacker can’t simply remove the disk and insert it into another computer. It’s tied to that specific hardware."
https://www.howtogeek.com/237232/what-is-a-tpm-and-why-does-windows-need-one-for-disk-encryption/
It was literally made to be convenient!
Device or drive, both are used. What I meant is: it is the storage device itself (e.g., a hard drive or solid-state drive) that incorporates built-in hardware for encryption, not an external device that you attach to another storage device for encryption.
TPM must be activated/enabled to work with BitLocker by the user as well as other OS system encryption software. SED auto encrypts and decrypts data without user intervention. SED would be the most convenient.
Self-Encrypting Drives (SEDs) offer hardware-based encryption for data at rest. They are built into the hard drive itself and automatically encrypt all data written to the drive.
SEDs are hard drives that have built-in hardware encryption capabilities. They automatically encrypt data as it is written to the drive and decrypt it as it is read, transparently to the user. This means that even if the hard drive is removed or stolen, the data remains encrypted and is not accessible without the proper authentication credentials.
By using SEDs, the organization can ensure that data stored on laptops is protected at all times, without requiring additional user actions or impacting their workflow. It provides a strong security measure against data loss or theft while minimizing inconvenience for the users.
I choose D because of the explanation below.
What is SED vs full-disk encryption?
Full-disk encryption (FDE) and self-encrypting drives (SED) encrypt data as it is written to the disk and decrypt data as it is read off the disk. FDE makes sense for laptops, which are highly susceptible to loss or theft. But FDE isn't suitable for the most common risks faced in data center and cloud environments.
The most acceptable option to protect laptop hard drives against loss or data theft is SED. A self-encrypting drive (SED) automatically encrypts all data written to the drive and decrypts all data read from the drive. This provides protection against data theft if the laptop is lost or stolen.
The OPAL storage specification is the industry standard for self-encrypting drives. This is a hardware solution, and typically outperforms software-based alternatives.
They don't have the same vulnerabilities as software and therefore are more secure.
SEDs are Solid State Drives (SSDs) and are purchased already set to encrypt data at rest.
The encryption keys are stored on the hard drive controller.
They are immune to a cold boot attack and are compatible with all operating systems.
SY0-601 Exam Questions