Free Preparation Discussions
MENU
Cisco 300-745 Exam - Topic 3 Question 1 Discussion
Topic #: 3
A financial company is focused on proactively protecting sensitive data stored on the devices. The company recognizes the potential risks associated with lost or stolen devices and they want a solution to ensure that if unauthorized user access the device, the data it contains is not accessible or misused. The solution includes implementing a strategy that renders data unreadable without user authentication. Which solution meets the requirement?
For a financial company, protecting 'data at rest' is a critical requirement of the Cisco Security Infrastructure blueprint. While physical security and BIOS-level protections have their place, Data encryption on disk (such as BitLocker, FileVault, or hardware-encrypted drives) is the only solution that fulfills the requirement of rendering the actual data unreadable if the device is lost or stolen.
Disk encryption uses cryptographic algorithms to transform readable data into ciphertext. Without the correct decryption key---which is typically released only after successful user authentication---the data remains a meaningless string of characters even if the hard drive is removed and connected to a different machine. A Kensington Lock (Option A) is a physical deterrent to prevent theft but does not protect the data if the lock is cut or the device is stolen. A BIOS password (Option B) can prevent the OS from booting but does not stop an attacker from reading the data directly from the storage media. GPS tracking (Option D) helps in recovery but does not prevent unauthorized data access in the interim. Implementing full-disk encryption aligns with the Cisco SAFE principle of pervasive data protection and ensures compliance with financial regulations regarding the safeguarding of sensitive client information on mobile endpoints.
========
Shoshana
Justa
5 days agoAlline
10 days ago