3.4.10 Practice Questions

Question 1

You create a new document and save it to a hard drive on a file server on your company’s network. Then you employ an encryption tool to encrypt the file using AES.

This activity is an example of accomplishing which security goal?

answer

Integrity

Non-repudiation

Correct Answer:

Confidentiality

Availability

This activity is an example of accomplishing which security goal?

Answer 1

Confidentiality

Question 2

Which of the following should you set up to ensure encrypted files can still be decrypted if the original user account becomes corrupted?

PGP
DRA
VPN
GPG

Answer 2

DRA

Question 3

You want a security solution that protects the entire hard drive and prevents access even if the drive is moved to another system.

Which solution should you choose?

IPsec
EFS
VPN
BitLocker

Answer 3

BitLocker

Question 4

Which of the following security solutions would prevent a user from reading a file that they did not create?

IPsec
Bitlocker
EFS
VPN

Answer 4

EFS

Question 5

You’ve used BitLocker to implement full volume encryption on a notebook system. The notebook motherboard does not have a TPM chip, so you’ve used an external USB flash drive to store the BitLocker startup key.

You use EFS to encrypt the C:\Secrets folder and its contents.

Which of the following is true in this scenario? (Select two.)

answer

Only the user who encrypted the C:\Secrets\confidential.docx file is able to boot the computer from the encrypted hard disk.

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will remain in an encrypted state.

By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.

The EFS encryption process will fail.

If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

Any user who is able to boot the computer from the encrypted hard disk will be able to open the C:\Secrets\confidential.docx file.

Answer 5

a) By default, only the user who encrypted the C:\Secrets\confidential.docx file will be able to open it.
b) If the C:\Secrets\confidential.docx file is copied to an external USB flash drive, the file will be saved in an unencrypted state.

Question 6

Which utility would you MOST likely use on OS X to encrypt and decrypt data and messages?

PGP
IPsec
GPG
VPN

Answer 6

GPG

Question 7

You would like to implement BitLocker to encrypt data on a hard disk, even if it is moved to another system. You want the system to boot automatically without providing a startup key on an external USB device.

What should you do?

Use a PIN instead of a startup key.

Disable USB devices in the BIOS.

Save the startup key to the boot partition.

Enable the TPM in the BIOS.

Answer 7

Enable the TPM in the BIOS.

Question 8

You want to protect data on hard drives for users with laptops. You want the drive to be encrypted, and you want to prevent the laptops from booting unless a special USB drive is inserted. In addition, the system should not boot if a change is detected in any of the boot files.

What should you do?

Have each user encrypt the entire volume with EFS.

Implement BitLocker with a TPM.

Implement BitLocker without a TPM.

Have each user encrypt user files with EFS.

Answer 8

Implement BitLocker with a TPM.

Question 9

Which of the following database encryption methods encrypts the entire database and all backups?

Bitlocker

Application-level

Column-level

Transparent Data Encryption (TDE)

Answer 9

Transparent Data Encryption (TDE)

Question 10

You have transferred an encrypted file across a network using the Server Message Block (SMB) Protocol.

What happens to the file’s encryption?

The encryption carries over to the new location.

The encryption inherits from the new location.

The file is unencrypted when moved.

An encrypted file cannot be moved using SMB.

Answer 10

The file is unencrypted when moved.

Question 11

Access Certification Authority on the CORPSERVER2 server.
From Hyper-V Manager, select CORPSERVER2.
Maximize the window for better viewing.
From the Virtual Machines pane, double-click CorpCA.
From the Server Manager’s menu bar, select Tools > Certification Authority.
Maximize the window for better viewing.
From the left pane, expand CorpCA-CA.
Approve the pending certificate request for tsutton and mmallory.
Select Pending Requests.
From the right pane, scroll until you can see the Requester Name column.
Right-click on the row that contains tsutton and select All Tasks > Issue to approve the certificate.
Right-click on the row that contains mmallory and select All Tasks > Issue.
Deny the pending request for CorpSrv12.
Right-click on the row that contains CorpSrv12.CorpNet.com and select All Tasks > Deny.
Select Yes to confirm the denial.
Revoke bchan’s certificates.
From the left pane, select Issued Certificates.
From the right pane, right-click bchan.CorpNet.com and select All Tasks > Revoke Certificate.
Using the Reason code drop-down menu list, select Key Compromise.
Select Yes.
Unrevoke the CorpDev3 certificate.
From the left pane, select Revoked Certificates.
From the right pane, right-click CorpDev3.CorpNet.com and select All Tasks > Unrevoke Certificate.