A security analyst must ensure the confidentiality of sensitive customer data stored in a production database. Which of the following controls would MOST directly meet this requirement?
Configure RAID 5 on the database server
Enable file-integrity monitoring on the database files
Implement full-disk encryption (e.g., AES-256) for the database storage
Deploy a load balancer in front of the web servers
Full-disk or database-level encryption transforms stored information into ciphertext that cannot be read without the appropriate decryption key. This directly safeguards confidentiality if a server or storage medium is lost or compromised. The other controls either focus on integrity (file-integrity monitoring) or availability (RAID, load balancing) and do not primarily protect data confidentiality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AES-256 encryption?
Open an interactive chat with Bash
How does full-disk encryption protect data confidentiality?
Open an interactive chat with Bash
What is the difference between confidentiality, integrity, and availability in cybersecurity?