A security administrator is reviewing protection mechanisms for a database containing sensitive financial records. The main concern is that an attacker could steal the server's hard drives and access the database files directly. To mitigate this specific threat, which security control should the administrator prioritize?
The scenario describes a threat to data that is stored on physical media (hard drives), which is known as 'data at rest'. Therefore, implementing data at rest encryption is the appropriate control to ensure the data is unreadable if the drives are stolen. Data in transit encryption protects data as it moves over a network, which does not apply to stolen physical media. Data in use encryption protects data while it is being actively processed in memory (RAM), not while it is stored on a disk. Data masking is a technique used to substitute sensitive data with fictitious data, typically for development or testing, and it does not protect the original source data files from being read if they are stolen.