Full Disk Encryption (FDE) is a data protection strategy that secures data at rest. CompTIA Security+ SY0-701 defines data at rest as information stored on physical or virtual media, such as hard drives, SSDs, or removable storage. FDE encrypts the entire disk, ensuring that all files—including operating system files, user data, temporary files, and swap space—are unreadable without proper authentication.
The primary purpose of FDE is to protect data if a device is lost, stolen, or accessed without authorization. Even if an attacker removes the hard drive and attempts to read it externally, the encrypted data remains inaccessible.
Masking (A) hides sensitive fields but does not encrypt storage. Data in transit (B) applies to data moving across networks. Obfuscation (C) makes data harder to understand but is not cryptographically secure. Data sovereignty (E) relates to legal jurisdiction of data storage.
Therefore, deploying FDE directly implements protection for data at rest, making D the correct answer.
