A systems administrator is hardening a new payroll system that houses credit-card data. She enables Transparent Data Encryption (TDE) on the SQL Server 2022 database files and establishes a site-to-site VPN that uses IPsec ESP to encrypt the nightly replication traffic between headquarters and the disaster-recovery site. According to the company's policy, encryption controls must align with the correct paradigm. Which statement correctly maps each control to its encryption paradigm?
TDE protects data at rest, and IPsec protects data in transit.
Both TDE and IPsec protect data at rest only.
Both TDE and IPsec protect data in transit only.
TDE protects data in transit, and IPsec protects data at rest.
Transparent Data Encryption works at the storage layer of SQL Server, encrypting database and log files that reside on disk; therefore, it addresses the data-at-rest paradigm. IPsec's Encapsulating Security Payload encrypts IP packets while they traverse the network, protecting confidentiality as the data moves between sites, so it falls under the data-in-transit paradigm. The other options either reverse the paradigms or claim both controls protect only one state of data, which is inaccurate.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Transparent Data Encryption (TDE)?
Open an interactive chat with Bash
What is IPsec ESP and how does it protect data in transit?
Open an interactive chat with Bash
What are the 'data at rest' and 'data in transit' paradigms?