nerdexam
CompTIA

CV0-003 · Question #448

A Big Data analytics company wants to ensure its data is protected at rest. Which of the following is the BEST hardware-based solution?

The correct answer is A. Self-encrypting disk. Self-encrypting disks use built-in hardware encryption engines to automatically encrypt all data written to the disk, making them the best hardware-based solution for protecting Big Data at rest.

Security

Question

A Big Data analytics company wants to ensure its data is protected at rest. Which of the following is the BEST hardware-based solution?

Options

  • ASelf-encrypting disk
  • BTokenization
  • CLUN masking
  • DDeduplication

How the community answered

(21 responses)
  • A
    86% (18)
  • B
    5% (1)
  • D
    10% (2)

Why each option

Self-encrypting disks use built-in hardware encryption engines to automatically encrypt all data written to the disk, making them the best hardware-based solution for protecting Big Data at rest.

ASelf-encrypting diskCorrect

A self-encrypting disk (SED) contains a dedicated hardware encryption processor that encrypts and decrypts data transparently as it is written to or read from the drive. Because encryption is performed entirely in hardware, it introduces no software overhead and is ideal for protecting large volumes of Big Data at rest without impacting application performance.

BTokenization

Tokenization replaces sensitive data values with non-sensitive placeholders in software and is not a hardware-based encryption solution for protecting data stored on disk.

CLUN masking

LUN masking is a storage access control technique that restricts which hosts can see a given logical unit and does not encrypt data stored on the disk.

DDeduplication

Deduplication reduces storage consumption by eliminating duplicate data blocks and is a storage efficiency technique, not a security or encryption mechanism.

Concept tested: Hardware-based encryption for data at rest using SEDs

Source: https://csrc.nist.gov/publications/detail/sp/800-111/final

Topics

#encryption at rest#self-encrypting drive#hardware security#data protection

Community Discussion

No community discussion yet for this question.

Full CV0-003 Practice