A systems administrator is tasked with hardening a new file server to mitigate the risk of data theft from a physical breach of the data center. A primary security requirement is that all data stored on the server's drives must be unreadable if the physical drives are removed from the server. The encryption method should be transparent to the operating system and applications once the system is booted. Which of the following solutions BEST meets this requirement?
The correct answer is Full Disk Encryption (FDE). FDE is designed to encrypt all data on a storage device, including the operating system, application files, and temporary files. This method directly addresses the scenario's requirement to make the entire drive's contents unreadable if the physical drives are stolen. Once the system is booted and the key is provided, the process is largely transparent to the OS and applications.
Transport Layer Security (TLS) is incorrect because it is a protocol used to encrypt data in transit over a network, not data at rest on a storage device.
File-level encryption is incorrect because it encrypts individual files or folders, not the entire disk. While a form of data-at-rest encryption, it would not protect the operating system or other unencrypted files on the disk, making it less comprehensive than FDE for this scenario.
Database encryption (such as Transparent Data Encryption or TDE) is incorrect because it is specific to securing database files. This solution would not encrypt the operating system or other non-database files on the server.