CV0-003 · Question #448
A Big Data analytics company wants to ensure its data is protected at rest. Which of the following is the BEST hardware-based solution?
The correct answer is A. Self-encrypting disk. Self-encrypting disks use built-in hardware encryption engines to automatically encrypt all data written to the disk, making them the best hardware-based solution for protecting Big Data at rest.
Question
A Big Data analytics company wants to ensure its data is protected at rest. Which of the following is the BEST hardware-based solution?
Options
- ASelf-encrypting disk
- BTokenization
- CLUN masking
- DDeduplication
How the community answered
(21 responses)- A86% (18)
- B5% (1)
- D10% (2)
Why each option
Self-encrypting disks use built-in hardware encryption engines to automatically encrypt all data written to the disk, making them the best hardware-based solution for protecting Big Data at rest.
A self-encrypting disk (SED) contains a dedicated hardware encryption processor that encrypts and decrypts data transparently as it is written to or read from the drive. Because encryption is performed entirely in hardware, it introduces no software overhead and is ideal for protecting large volumes of Big Data at rest without impacting application performance.
Tokenization replaces sensitive data values with non-sensitive placeholders in software and is not a hardware-based encryption solution for protecting data stored on disk.
LUN masking is a storage access control technique that restricts which hosts can see a given logical unit and does not encrypt data stored on the disk.
Deduplication reduces storage consumption by eliminating duplicate data blocks and is a storage efficiency technique, not a security or encryption mechanism.
Concept tested: Hardware-based encryption for data at rest using SEDs
Source: https://csrc.nist.gov/publications/detail/sp/800-111/final
Topics
Community Discussion
No community discussion yet for this question.