Certified Information Systems Security Professional (CISSP) — Question 102
A firm within the defense industry has been directed to comply with contractual requirements for encryption of a government client's Controlled Unclassified Information (CUI). What encryption strategy represents how to protect data at rest in the MOST efficient and cost-effective manner?
Answer options
- A. Perform logical separation of program information, using virtualized storage solutions with encryption management in the back-end disk systems
- B. Perform logical separation of program information, using virtualized storage solutions with built-in encryption at the virtualization layer
- C. Perform physical separation of program information and encrypt only information deemed critical by the defense client
- D. Implement data at rest encryption across the entire storage area network (SAN)
Correct answer: B
Explanation
Option B is correct because utilizing virtualized storage solutions with built-in encryption at the virtualization layer is both efficient and cost-effective, allowing seamless integration and management of encryption. Option A relies on back-end encryption management, which may introduce complexities and costs. Option C limits encryption to only critical information, potentially leaving other sensitive data unprotected. Option D, while comprehensive, may be overly broad and costly for the specific requirements at hand.