Protecting Data at Rest Transcription

Welcome to our protecting data at rest module. We protect data at rest by using encryption. This helps us ensure the confidentiality of our data while it is stored on a device, such as a thumb drive, a hard drive, perhaps a CD or DVD, or a backup tape. Our concern here is to make sure that the data is secured in case an unauthorized individual is able to gain access to the physical media.

Symmetric encryption is the fastest and most efficient way to encrypt large amounts of data, and we typically use AES encryption for this process. Full disk encryption or whole disk encryption allows you to apply encryption to an entire disk or entire partition. Windows EFS, or Encrypting File System, is an NTFS protection mechanism that is inadequate and should not be used to enhance your security.

Windows BitLocker is a hardware-enabled encryption feature that is able to encrypt entire partitions for your entire Windows volume. And this is included with Windows 7 Enterprise Ultimate, Windows Vista Business edition. And it's also included with Windows 8 and 10 in the professional versions as well. With BitLocker, you have the option of using a TPM, or trusted platform module.

A TPM chip on the motherboard of your computer allows you to securely store encryption keys. Cloud computing is becoming quite popular and it is very important to make sure that you encrypt data before you store it in the cloud. When you do store the data in the cloud, you should make sure that you control the encryption keys and that the service provider you are giving your data to does not have a copy of the encryption key.

This way you can be confident that the provider is not able to review the data that you stored on their service. You also have to be concerned with data remnants, or data that is left behind once you leave that service provider. You want to make sure that a new customer who was assigned that same storage medium is not able to view the data that you previously stored there and that's why it's important to encrypt the data before storing it.

It is also important to encrypt data before you transmit it across the internet, which is known as data in motion encryption to ensure that it is not intercepted by an unauthorized party while it is in transit. The Trusted Platform Module, or TPM chip, is a chip on your motherboard that supports encryption.

It supports full disk encryption using symmetric keys, meaning that it can encrypt all of the data in the hard drive, including the data that's used to boot the computer. It also allows you to encrypt disk volumes and removable media, such as USB flash drives. It uses a hardware-based pseudorandom number generator to create a symmetric key. It also lets you store symmetric keys for disk encryption, such as BitLocker. And when we use data at rest encryption, we're typically reusing the symmetric keys for a long period of time, which makes it critical to ensure that no one is able to obtain these keys. Otherwise, they would be able to access all of our data.

Firmware that is part of the BIOS allows us to store data on the TPM chip, including our encryption keys. There are also software products that will use the trusted platform module to compare keys and authenticate hardware devices. You will most likely see the trusted platform module on the CISSP exam.

And you will most likely be asked about the device that allows you to store encryption keys. And that is the trusted platform module, or TPM chip. In order to properly secure our data at rest, we typically use AES, or Advanced Encryption Standard. We must make sure that the keys we use to encrypt our system are secure and we do not share them with any unauthorized individuals.

If someone is able to obtain the key, they are able to decrypt the data and therefore breach our confidentiality. With AES, we use static 128-bit or 256-bit keys. The user does not have to remember a 256-bit key and enter it in as hexadecimal characters. They simply enter a password and a proprietary hashing algorithm will transfer their password into the encryption key and allow access to the data.

When you're using file or folder level encryption and you move that data to another device, the data will remain encrypted. However, if you're using full disk encryption and you move files to an unencrypted device, that data will not remain encrypted. So you have to make sure that wherever you're moving the data to, such as a USB flash drive or an external hard drive, is also encrypted to ensure the confidentiality of your data.

When we talk about removable media, like USB flash drives, it's very important to protect this data as well. The data should be physically labelled with the title, the data owner's name, and the date of encryption. You should also make sure that data is stored securely, such as in a secure vault or a safe, where individuals will not be able to access it.

You want to make sure that you have a database with the physical locations of these devices, in case you need to retrieve them you'll know where they're located. And you should also test the data that you're storing to make sure that you can decrypt it, because if the data is not able to be decrypted, then it is essentially useless.

Before you reuse a piece of media, such as a USB flash drive or a portable hard drive, you want to make sure that you securely erase or wipe the drive to avoid data remnants. Data remnants means that a portion of the previous data would still be recoverable until it is overwritten.

So, that is why we want to overwrite that data so that whoever the new user is that gets the device is not able to recover that secured data that they should not have access to. There are several types of encryption and decryption tools that we can use to provide for enhanced security.

Self-encrypting USB drives do not require you to install any software. The downfall with these drives is that if you take something off the drive, it is no longer protected. And these drives typically use a password. When you plug in the device, a message will appear on the screen asking you to enter the password to unlock the drive.

And some of these devices even have a PIN pad on the physical device and you can manually enter a code and that will unlock the device. You can also use encryption software to encrypt your media, at either the file level or the folder level, or even the entire disk, to protect your external media, like CDs, DVDs, hard drives, and USB flash drives.

You want to be familiar with how your software operates, because when you transfer data off of your media, it may be automatically decrypted and therefore no longer protected. We can also use file or folder level encryption software using AES. And this is transferable encryption for specific files. This would allow you to transfer encrypted files, and only those who have the proper key will be able to unlock the files and access the content.

This concludes our protecting data at rest module. Thank you for watching.
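
The password-to-key step described in the module, shown as an added example that is not part of the original transcript. The module mentions a proprietary hashing algorithm; this sketch substitutes the standard PBKDF2-HMAC-SHA256, and the header layout, function names, check label and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000              # assumed work factor for this sketch
KEY_BYTES = {128: 16, 256: 32}    # the two AES key sizes named in the module


def derive_key(password: str, salt: bytes, bits: int = 256,
               iterations: int = ITERATIONS) -> bytes:
    """Stretch a password into an AES-sized key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES[bits])


def key_check(key: bytes) -> bytes:
    """Value stored beside the data so a wrong password is detected
    without ever storing the key itself."""
    return hmac.new(key, b"key-check-v1", hashlib.sha256).digest()


def create_header(password: str, bits: int = 256,
                  iterations: int = ITERATIONS) -> dict:
    """Build the metadata kept with the encrypted media (hypothetical layout)."""
    salt = os.urandom(16)  # random per volume; stored in the clear, not secret
    key = derive_key(password, salt, bits, iterations)
    return {"salt": salt, "bits": bits, "iterations": iterations,
            "check": key_check(key)}


def unlock(password: str, header: dict):
    """Return the AES key if the password is right, otherwise None."""
    key = derive_key(password, header["salt"], header["bits"],
                     header["iterations"])
    # Constant-time comparison avoids leaking how much of the check matched.
    if hmac.compare_digest(key_check(key), header["check"]):
        return key
    return None


if __name__ == "__main__":
    hdr = create_header("correct horse battery staple")  # constructed password
    print(len(unlock("correct horse battery staple", hdr)), "byte key")
    print(unlock("wrong guess", hdr))
```

Because the key is recomputed from the password and the stored salt each time, only the salt, parameters and check value sit on the media; anyone holding the media still needs the password to reach the key.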
