A Linux administrator needs to encrypt an entire non-boot block device on a server to protect sensitive data at rest. The solution must align with the current industry standard for Linux disk encryption, support multiple passphrases, and use a modern, memory-hard key derivation function like Argon2 by default to resist GPU-based cracking attempts. Which of the following technologies should the administrator use?
The correct answer is LUKS2. LUKS2 (Linux Unified Key Setup 2) is the de facto standard for full-disk encryption in Linux. It operates at the block device level, allowing any filesystem to be placed on top of the encrypted layer. LUKS2 introduces significant improvements over its predecessor, including using the modern, memory-hard key derivation function Argon2id by default, which is specifically designed to be resistant to GPU-based password cracking attempts. GPG (GNU Privacy Guard) is used for file-level or communication encryption, not for encrypting entire block devices. Argon2 is a key derivation function (KDF) itself, not a disk encryption framework; it is a component used by LUKS2 to derive the encryption key from a passphrase. WireGuard is a VPN protocol used to secure data in transit, not data at rest.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is LUKS2 and why is it the industry standard for disk encryption?
Open an interactive chat with Bash
Why is Argon2id important in LUKS2 encryption?
Open an interactive chat with Bash
How does LUKS2 compare to GPG for data encryption?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access