A company issues laptops containing confidential data to employees. The devices need safeguards against an attacker who removes the internal storage for access. Which approach best prevents the data from being revealed if the drive is extracted?
Use a self-encrypting drive that locks data when the laptop is off
Require a passcode-based screen saver on the operating system
Block booting from external media in the firmware settings
Install an antivirus solution that inspects for filesystem modifications
A self-encrypting drive ensures that data on the storage device remains unreadable when removed from the system or powered off. Restricting external media at startup does not address scenarios where the original drive is taken. A screen saver password only protects a session and does not block drive removal. Antivirus software is unrelated to protecting information offline or data at rest.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a self-encrypting drive (SED) and how does it work?
Open an interactive chat with Bash
How is a self-encrypting drive different from software-based encryption?
Open an interactive chat with Bash
What are the limitations or challenges of self-encrypting drives?