AIncorrect
Encryption while data is moving across the network
This describes encryption in transit, which protects the communication path with TLS/SSL and the like.
Its target differs from encryption at rest, so it is incorrect.
Which option BEST describes what “encryption at rest” means?
1 / 1
Select an answer
CorrectC
Explanation
A question asking what encryption at rest means.
- 1「encryption at rest」Encryption of data while it is stored
- 2「encryption at rest」Encrypt and protect data on storage
BIncorrect
A feature to reset a password when it is forgotten
Password reset is a credential-management feature and is unrelated to data encryption.
It is not a description of encryption at rest, so it is incorrect.
CCorrect
Encrypting data while it is stored on disk or storage
Correct. Encryption at rest encrypts data while it is stored in services such as S3, EBS, and RDS, so that even if the storage or media is stolen, the contents cannot be read. It is commonly implemented using KMS keys.
DIncorrect
A feature to restrict which users can have access
Access restriction is about authorization through IAM and policies and differs from encrypting the data itself.
It is not a description of encryption at rest, so it is incorrect.
Key Takeaway
Encryption at rest = encryption of stored data; encryption in transit = encryption of data in transit (TLS). The contrast is common. Keys are managed in KMS.