A financial services firm needs to send monthly confidential performance reports containing sensitive client data to an external analyst over the Internet. The reports are generated automatically and traverse several third-party networks outside the organization's control. Compliance policy states that even if the traffic is intercepted anywhere along the path, the report contents must remain unreadable to anyone except the intended analyst. Which of the following techniques best satisfies this requirement?
Utilizing obfuscation methods when preparing the report
Implementing end-to-end encryption for the transmission
Applying full-disk encryption on the sender's and recipient's computers
Full-disk encryption is a strong security measure but protects only data at rest on storage media, not information being transmitted. Obfuscation methods (such as data masking) can disguise values but are reversible and do not provide cryptographic confidentiality against a determined adversary. Certificate-based network authentication, as used in 802.1X, verifies a device's identity to join a network but does not by itself encrypt the payload of subsequent communications. End-to-end encryption, in contrast, encrypts the data on the sender's device and keeps it encrypted until it reaches the recipient's device, ensuring that any interceptor lacking the decryption key cannot read the report contents.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is end-to-end encryption and how does it work?
Open an interactive chat with Bash
Why is full-disk encryption not suitable for encrypting data in motion?
Open an interactive chat with Bash
What role does certificate-based network authentication play in data security?