Which TWO are effective strategies for securing cloud application data at rest?
File-level encryption encrypts individual files or directories, protecting data at rest.
Why this answer
File-level encryption (C) encrypts individual files or directories, ensuring that data at rest remains protected even if the underlying storage is compromised. This is a direct data-at-rest security control because it applies cryptographic protection to the data itself, independent of the storage layer. Transparent data encryption (D) encrypts data at the database level, typically at the page or file level, without requiring changes to the application, making it another effective strategy for securing data at rest.
Exam trap
ISC2 often tests the distinction between access control (RBAC) and encryption. Candidates mistakenly think that restricting access is sufficient to secure data at rest, ignoring that encryption is required to protect against physical theft or unauthorized storage-level access.