CompTIA Security+ (SY0-701) — Question 347

Which of the following should be used to ensure an attacker is unable to read the contents of a mobile device's drive if the device is lost?

Answer options

• A. TPM
• B. ECC
• C. FDE
• D. HSM

Correct answer: C

Explanation

Full Disk Encryption (FDE) is the correct solution as it encrypts all data on the device, making it unreadable without the proper credentials. TPM (Trusted Platform Module) helps with hardware-based security but does not directly encrypt data. ECC (Elliptic Curve Cryptography) is a method of encryption, but it is not specifically designed for full disk protection. HSM (Hardware Security Module) provides cryptographic key management but does not encrypt the device's drive itself.