A system administrator has been tasked with securing data at rest for a company's document storage server, ensuring maximum confidentiality. Which of the following solutions would be the MOST appropriate to accomplish this task?
Ensure Secure Socket Layer (SSL)/Transport Layer Security (TLS) is enabled on the server.
Encrypt each document individually with a unique key.
Utilize a VPN with robust encryption for accessing documents remotely.
Implement full disk encryption on the document storage server drive.
Full disk encryption (FDE) is the correct choice as it provides comprehensive encryption of all data on the storage medium, ensuring that without the appropriate decryption key, no data can be read, regardless of the system state or whether the storage device is transferred to another machine. Encrypting individual files, while useful, does not offer the same level of protection if an attacker gains access to the underlying file system. Encrypting data using a VPN only secures data in transit, not at rest. SSL/TLS also protects data in transit and does not apply to data at rest.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Full Disk Encryption (FDE)?
Open an interactive chat with Bash
What are the benefits of FDE compared to individual file encryption?