A system administrator needs to encrypt a new block device to protect sensitive data at rest. A key requirement is maximizing resilience against metadata corruption. Which command should the administrator use to format the device using the most suitable technology for this requirement?
The correct command is cryptsetup luksFormat --type luks2 /dev/sdb1. The cryptsetup utility is the standard tool for managing LUKS-encrypted devices. Specifying --type luks2 ensures the use of the LUKS2 format, which is the modern standard. A primary advantage of LUKS2 over the older LUKS1 is its resilience to header corruption, as it stores redundant copies of metadata that can be used for automatic recovery. The dd command is used for low-level copying and can be used to wipe a disk with random data, but it does not create an encrypted LUKS volume for ongoing use. The luksformat command is not a standard Linux utility for this purpose; cryptsetup is the correct tool. Using --type luks1 would create a volume with the older, less resilient format that lacks the automatic recovery features of LUKS2.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the difference between LUKS1 and LUKS2?
Open an interactive chat with Bash
What is `cryptsetup` used for?
Open an interactive chat with Bash
Why is metadata redundancy important in LUKS2?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access