A systems administrator is tasked with implementing a comprehensive data security strategy for a new file server that will store sensitive customer financial records. The company's security policy mandates that the data must be protected from unauthorized access, both when stored on the server's disks and when accessed by authorized users over the corporate network. Additionally, all financial records must be kept for a minimum of seven years, even if they are no longer actively used. Which of the following combinations of controls BEST addresses all these requirements?
Configure a BIOS password, enable a host-based firewall, and store daily backups off-site.
Deploy a Security Information and Event Management (SIEM) system, establish data value prioritization, and implement physical access controls to the data center.
Use RAID-1 mirroring for data redundancy, implement multifactor authentication (MFA) for server login, and set a bootloader password.
Implement Transparent Data Encryption (TDE) for data at rest, enforce Transport Layer Security (TLS) for all client connections, and configure a data archiving and retention policy.
The correct answer addresses the three distinct requirements outlined in the scenario: protecting data at rest, protecting data in transit, and ensuring long-term data retention. Transparent Data Encryption (TDE) or similar full-disk encryption technologies protect data at rest by encrypting the contents of the hard drives. Transport Layer Security (TLS) is the standard protocol for encrypting data in transit over a network. A data archiving and retention policy ensures that data is kept for the required seven-year period according to regulatory or company requirements.
A BIOS password and a bootloader password provide hardening against unauthorized booting of the OS but do not encrypt the data stored on the disks themselves, leaving it vulnerable if the disks are physically removed. RAID-1 provides data redundancy for availability but does not provide confidentiality through encryption. A SIEM system is used for monitoring and log analysis, not for the primary encryption of data at rest or in transit.