Which of the following controls best helps protect legal documents stored on a company file server (data at rest) by ensuring they remain unreadable to unauthorized users?
Mask the document filenames to hide their purpose.
Hash each document with SHA-256 to detect changes.
Apply a confidentiality label to the documents in the document-management system.
Encrypt the documents using an industry-standard algorithm and proper key management.
Encrypting data converts readable information into ciphertext that can only be returned to plaintext with the proper decryption key. This preserves confidentiality even if an attacker gains access to the storage medium. Hashing detects changes but does not hide content, masking filenames only obscures metadata, and simply labeling data as confidential does not technically prevent disclosure.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is encryption and how does it protect data at rest?
Open an interactive chat with Bash
What is the difference between encryption and hashing?
Open an interactive chat with Bash
Why is proper key management important in encryption?