Which statement correctly describes encryption at rest, encryption in transit, and basic key-management concepts?

Multiple Choice

Which statement correctly describes encryption at rest, encryption in transit, and basic key-management concepts?

Explanation:
Protecting data depends on its state: when it’s stored versus when it’s moving, and how the cryptographic keys used to protect it are handled. Encryption at rest secures data that is stored on disks, databases, or backup media so that if the storage medium is accessed without authorization, the data remains unreadable. Encryption in transit secures data as it travels over networks between endpoints, guarding against eavesdropping and tampering.

Key management is the backbone that makes both forms of encryption effective. It covers generating strong keys, storing them securely (often using a hardware security module or a trusted key management service), rotating keys regularly to limit exposure after a compromise, enforcing who can access or use the keys through access controls, and revoking keys when they’re no longer trusted or when an override is needed.

The statement that ties these ideas together correctly identifies encryption at rest as protecting stored data, encryption in transit as protecting data in motion, and outlines essential key-management activities—generation, storage, rotation, access controls, and revocation. Other choices either swap the definitions, claim encryption only protects data during processing, or say the two forms are the same, which contradicts how these protections operate in different data states.
