Which of the following best describes encryption at rest in a system?
Think about when data is saved and not moving.
Encryption at rest means data is encrypted when stored on disks or databases to protect it if storage is compromised.
Which encryption method is most appropriate for securing data in transit between client and server?
Consider how data moves between devices over the network.
TLS encrypts data as it travels over the network, protecting it from eavesdropping or tampering.
In a large distributed system with thousands of servers, what is the best practice to manage encryption keys for data at rest?
Think about security and ease of key rotation across many servers.
A centralized KMS allows secure storage, controlled access, and automated key rotation, which is critical at scale.
Which statement best describes a common tradeoff when implementing encryption at rest and in transit?
Consider how encryption affects system resources and speed.
Encryption requires extra processing, which can slow down systems, but it protects data from unauthorized access.
A web service processes 10,000 requests per second. Enabling TLS encryption adds 5ms latency per request due to handshake and encryption overhead. What is the approximate maximum throughput (requests per second) after enabling TLS?
Calculate how added latency affects requests per second capacity.
Each request now takes 5ms longer. Since 1 second = 1000ms, max requests = 1000ms / 5ms = 200 requests per thread. But original throughput was 10,000 req/s, so system likely has concurrency. Assuming linear scaling, throughput reduces roughly by factor of 5ms added latency.