Great News!
Many students who study using our platform have reported that a large number of the practice questions here are very similar to those that appear in real exams. View Courses
Many students who study using our platform have reported that a large number of the practice questions here are very similar to those that appear in real exams. View Courses
A systems administrator is informed that a database server containing PHI and PII is unencrypted. The environment does not support VM encryption, nor does it have a key management system. The server needs to be able to be rebooted for patching without manual intervention.
Which of the following will BEST resolve this issue?
Correct Answer: D. Enable volume encryption on the storage
Enabling volume encryption on the storage is the best solution in this scenario because it provides encryption at rest without requiring changes to the VM or operating system. Since the environment lacks VM encryption and key management but must support automated reboots, volume-level encryption managed by the storage system meets all requirements. It protects sensitive data (PHI and PII), supports unattended reboots, and ensures compliance with security standards without complex reconfiguration.
Why Other Options are Incorrect:
A. Ensure all database queries are encrypted
Encrypting queries protects data in transit but not data at rest, which is critical for PHI and PII. This approach does not address the unencrypted storage issue and offers only partial protection for the sensitive data involved.
B. Create an IPSec tunnel between the database server and its clients
IPSec tunnels secure data in transit but do not provide encryption at rest. While useful for network-level protection, this solution does not mitigate the risk of unencrypted data stored on disk.
C. Enable protocol encryption between the storage and the hypervisor
Protocol encryption secures data in transit between the hypervisor and storage but does not encrypt data once it resides on the disk. It’s a partial solution and does not fulfill the need for encryption at rest.
E. Enable OS encryption
OS-level encryption may protect data at rest, but it often requires manual key entry during reboots, which contradicts the requirement for rebooting without manual intervention. It also increases complexity and dependency on OS-level tools.
Discover a range of courses designed to provide you with the knowledge and skills needed to excel in your chosen field.
You don’t need one month to study and pass your test.
With Prepsaret, it takes you a few days to grasp all the concepts needed to pass your exams