A security analyst must ensure the confidentiality of sensitive customer data stored in a production database. Which of the following controls would MOST directly meet this requirement?
Implement full-disk encryption (e.g., AES-256) for the database storage
Deploy a load balancer in front of the web servers
Configure RAID 5 on the database server
Enable file-integrity monitoring on the database files
Full-disk or database-level encryption transforms stored information into ciphertext that cannot be read without the appropriate decryption key. This directly safeguards confidentiality if a server or storage medium is lost or compromised. The other controls either focus on integrity (file-integrity monitoring) or availability (RAID, load balancing) and do not primarily protect data confidentiality.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'data at rest' mean?
Open an interactive chat with Bash
How does encryption enhance data confidentiality?
Open an interactive chat with Bash
What are some common encryption methods used for data at rest?