CompTIA Cloud+ Practice Test

What solution best satisfies data-at-rest encryption requirements for a database?

• A. Install an SSL certificate and only allow secure connections to the server
• B. Enable two-factor authentication on connections to the database server and log activities
• C. Activate memory encryption on the virtual server and store the certificates remotely
• D. Create a virtual encrypted disk, add it to the virtual server, and have the database write to it

The correct answer is: Install an SSL certificate and only allow secure connections to the server

The most suitable solution for data-at-rest encryption requirements for a database is to create a virtual encrypted disk, add it to the virtual server, and have the database write to it. This approach ensures that the data stored within the database is securely encrypted while it is not in use. By utilizing virtual encrypted disks, any data that is written to this disk is automatically protected by encryption algorithms, making it inaccessible to unauthorized users or malicious actors. Data-at-rest encryption specifically addresses the need to secure data that is stored on disk, which is crucial for protecting sensitive information from risks such as theft, loss, or unauthorized access. Encrypting the disk where the database resides means that even if someone gains physical access to the storage devices, they will be unable to decipher the contents without the appropriate decryption keys. In contrast, installing an SSL certificate mainly secures data in transit rather than data at rest, enabling encrypted connections when data is being transmitted. Enabling two-factor authentication and logging activities adds layers of security for access management but does not directly address the encryption of data stored on disk. Activating memory encryption may protect data while it is actively being processed in memory but does not safeguard data that is stored persistently on disk. Thus, the solution of creating a