A security administrator must establish a secure storage solution for project documents classified as 'Restricted'. According to the company's policy, 'Restricted' data requires strong access controls to prevent unauthorized disclosure, as its compromise could cause significant damage to the organization. Which of the following solutions BEST meets the requirements for storing this type of data?
Upload the documents to a public cloud storage folder to ensure they are accessible from anywhere.
Store the documents in an air-gapped, encrypted hard drive that is kept in a secure off-site bank vault.
Store the documents on an encrypted file server located in a locked server room, with access managed by an Access Control List (ACL) that grants permissions only to authorized project members.
Place the documents on a shared network drive that is accessible to all internal employees to facilitate easy collaboration.
The correct option is the most comprehensive solution that aligns with the security requirements for 'Restricted' data. It combines technical controls (encryption at rest, ACLs) with physical security (locked server room). This multi-layered approach ensures that access is strictly controlled, both physically and logically, which is appropriate for data whose unauthorized disclosure could cause significant damage. Storing the documents on a general internal share is too permissive. Storing them in a publicly accessible cloud folder is completely insecure. Using an air-gapped drive in a bank vault is an extreme measure, more suitable for 'Top Secret' data, and it severely impacts availability.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'Restricted' classification mean in terms of document security?
Open an interactive chat with Bash
What are some examples of secure containers used for storing sensitive documents?
Open an interactive chat with Bash
Why is security clearance important for accessing 'Restricted' documents?