Security+ Confidentiality

Confidentiality prevents the unauthorized disclosure of data. In other words, authorized personnel can access the data, but unauthorized personnel cannot access the data. You can ensure confidentiality using several different methods discussed in the following sections.

Encryption

Encryption scrambles data to make it unreadable by unauthorized personnel. Authorized personnel can decrypt the data to access it, but encryption techniques make it extremely difficult for unauthorized personnel to access encrypted data. Chapter 10 of CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide covers encryption in much more depth, including commonly used encryption algorithms like Advanced Encryption Standard (AES).

As an example, imagine you need to transmit Personally Identifiable Information (PII), such as medical information or credit card data via email. You wouldn’t want any unauthorized personnel to access this data, but once you click Send, you’re no longer in control of the data. However, if you encrypt the data before you send it, you protect the confidentiality of the data.

Access Controls

Identification, authentication, and authorization combined provide access controls and help ensure that only authorized personnel can access data. Imagine that you want to grant Maggie access to some data, but you don’t want Homer to be able to access the same data. You use access controls to grant and restrict access. The following bullets introduce key elements of access controls:

Identification. Users claim an identity with a unique username. For example, both Maggie and Homer have separate user accounts identified with unique usernames. When Maggie uses her account, she is claiming the identity of her account.
Authentication. Users prove their identity with authentication, such as with a password. For example, Maggie knows her password, but no one else should know it. When she logs on to her account with her username and password, she is claiming the identity of her account and proving her identity with the password.
Authorization. Next, you can grant or restrict access to resources using an authorization method, such as permissions. For example, you can grant Maggie’s account full control access to files and folders, and ensure that Homer doesn’t have any permissions to access the data. Chapter 2 of CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide digs into access control models a little deeper, including how they enforce authorization settings.

Security+ Study Packages

Steganography

A third method you can use for confidentiality is steganography. Chapter 10 of CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide covers steganography in more depth, but as an introduction, it is the practice of hiding data within data. Many people refer to it as hiding data in plain sight. For example, you can embed a hidden message in an image by modifying certain bits within the file. If other people look at the file, they won’t notice anything. However, if other people know what to look for, they will be able to retrieve the message.

As a simpler example, you can add a text file to an image file without the use of any special tools other than WinRAR and the Windows command line. If you’re interested in seeing how to do this, check out the Steganography Lab in the online exercises for this book at http://gcgapremium.com/labs/.

Remember this

Confidentiality ensures that data is only viewable by authorized users. The best way to protect the confidentiality of data is by encrypting it. This includes any type of data, such as PII, data in databases, and data on mobile devices. Access controls help protect confidentiality by restricting access. Steganography helps provide confidentiality by hiding data, such as hiding text files within an image file.

Security+ Practice Test Questions

SY0-501 Practice Test Questions

Over 300 realistic Security+ practice test questions

All questions include explanations so you’ll know why the correct answers are correct,

and why the incorrect answers are incorrect.

Pass the Security+ Exam

the First Time You Take It

Multiple quiz formats to let you use these questions based on the way you learn.

Learn mode – randomized. View each of the questions in random order. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
Learn mode – not randomized. View each of the questions in the same order. Use this if you want to make sure that you see all of the questions. Learn mode allows you to keep selecting answers until you select the correct answer. Once you select the correct answer, you’ll see the explanation. Click here to see how learn mode works.
Test mode – randomized. View each of the questions in random order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
Test mode – not randomized. View each of the questions in the same order. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.
Test mode – 75 random questions. View 75 random questions from the full test bank similar to how the Security+ exam has a potential maximum of 75 multiple choice questions. In test mode, you can only see the correct answers and explanations after you complete the test. Click here to see how test mode works.

Get the full bank of SY0-501 Practice Test Questions Here

SY0-501 Practice Test Questions

INCLUDES QUESTIONS TO HELP YOU PREPARE

FOR THE NEW PERFORMANCE BASED QUESTIONS

Bonus – Performance Based Questions

Three sets of performance-based questions including over 30 questions. These questions show you what you can expect in the live exam. They include drag and drop, matching, sorting, and fill in the blank questions. See a demo here.

Bonus – Extra Practice Test Questions

New multiple-choice questions in the extra test bank. Questions are added occasionally. You can see what has been added recently here.

Get the full bank of Security+ (SYO-501) Practice Test Questions Here

Get the full bank of Security+ Practice Test Questions

Click here if you’re looking for SY0-501 Full Study Package

Security+ Full Access Package

Pass the First Time!

Up-to-date Content

New multiple-choice and performance-based questions added regularly

Pass the first time with quality practice test questions, performance-based questions, flashcards, and audio.

Buy The Full Access Study Package Today

60 Days Access

Need more time? You can easily renew for another 60 days at a significantly reduced price.

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here

Our online Security+ study materials are the perfect complement to the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. They can also be used to help ensure you’re ready no matter what study guide you’re using.

This exam is expensive.

Make sure you’re ready before exam day.

Here’s what you’ll get:

All of the multiple-choice questions from the best-selling CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide. See a demo here. All questions have full explanations so you’ll know why the correct answers are correct and why the incorrect answers are incorrect.
Over 40 new multiple-choice questions we’ve added after publishing the study guide.
Over 30 performance-based questions. See a demo here.
All of the flashcards from the study guide. View them in any Web browser.
All of the audio from the study guide. Listen to a sample here.
Access to a free discount code for 10% off your Security+ voucher.

Buy The Full Access Study Package Today

60 Days Access

All materials are available online shortly after making your payment.

Get the Security+ Full Access Study Package Here