A system administrator has been instructed by the head of security to protect their data at-rest.
Which of the following would provide the strongest protection?
A.
Prohibiting removable media
B.
Incorporating a full-disk encryption system
C.
Biometric controls on data center entry points
D.
A host-based intrusion detection system
Explanation:
A simple question with a simple answer:
Data can be divided into three categories: At rest, in Use and In Transit.
** Data at rest generally refers to data stored in persistent storage (disk, tape)
** Data in use generally refers to data being processed by a computer central processing unit (CPU) or in random access memory (RAM, also referred to as main memory or simply memory).
** Data in transit: Data in transit is defined into two categories, information that flows over the public or untrusted network such as the internet and data which flows in the confines of a private network such as a corporate or enterprise Local Area Network (LAN).
We are after the answer which provides the STRONGEST Protection to DATA AT REST
WRONG ANSWERS:
A..Prohibiting removable media:
This does nothing for data at rest in a HDD for example
C…Biometric controls on data center entry points
Controlling data center entry points with biometrics not only does nothing for data at rest on servers, but will do nothing for Data at rest found at Desktops on user’s desks for example.
D..A host-based intrusion detection system
It sounds good at face value, but this only deals with INTRUSIONS.
So the BEST answer is:
B.Incorporating a full-disk encryption system
Full disk encryption can be used to encrypt an entire volume with 128-bit encryption. When the entire volume is encrypted, the data is not accessible to someone who might boot another operating system in an attempt to bypass the computer’s security. Full disk encryption is
sometimes referred to as hard drive encryption. This would be best to protect data that is at rest.
0
0