CompTIA Cloud+ (CV1-003) — Question 5

A systems administrator is informed that a database server containing PHI and PII is unencrypted. The environment does not support VM encryption, nor does it have a key management system. The server needs to be able to be rebooted for patching without manual intervention.
Which of the following will BEST resolve this issue?

Answer options

• A. Ensure all database queries are encrypted
• B. Create an IPSec tunnel between the database server and its clients
• C. Enable protocol encryption between the storage and the hypervisor
• D. Enable volume encryption on the storage
• E. Enable OS encryption

Correct answer: C

Explanation

Enabling protocol encryption between the storage and the hypervisor is the best option as it secures data at rest and allows for automated patching without manual intervention. The other options either do not provide the necessary encryption for the data at rest or could complicate the process of rebooting the server for maintenance.