A financial services company must secure daily backups totaling several terabytes before moving them to an on-premises archival server. The security engineer's primary requirement is to minimize CPU overhead and finish the encryption job during the limited overnight maintenance window. Which encryption approach should the engineer implement to meet these constraints?
Implement symmetric encryption with a shared secret key
Deploy a quantum key distribution (QKD) solution
Generate hashes of the files and store the hash values
Implement asymmetric encryption using a public/private key pair
Symmetric encryption uses the same shared secret key for encryption and decryption, allowing algorithms such as AES to process large data sets quickly with comparatively low computational overhead. This makes it the best fit for bulk backup encryption performed within a short maintenance window. Asymmetric encryption relies on resource-intensive public/private key operations and is usually reserved for tasks like key exchange or protecting small data sets. Hashing algorithms only verify integrity; they do not provide confidentiality. Quantum key distribution remains an emerging technology that is not yet practical or cost-effective for large-scale data-at-rest encryption in typical enterprise environments.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is symmetric encryption and how does it work?
Open an interactive chat with Bash
Why is asymmetric encryption slower than symmetric encryption?
Open an interactive chat with Bash
What are some examples of symmetric encryption algorithms?