You are the security administrator for your company. You are required to implement a solution that will provide the highest level of confidentiality possible to all data on the network. Two-factor token and biometric-based authentication is implemented for all users. Administrator-level accounts are tightly controlled and issued separately to each user needing administrative access. Auditing is

enabled to log all transactions. All hard drives are protected using full disk encryption. All resources have access control lists (ACLs) that can only be changed by an administrator. All server resources are virtualized. LUN masking is implemented to segregate storage area network (SAN) data. All switches are configured with port security. The network is protected with a firewall using ACLs, a NIPS device, and secured wireless access points. You need to improve the current architecture to provide the stated goal. What should you do?

A. Implement transport encryption.
B. Implement MAC filtering on all network devices.
C. Implement data-at-rest encryption.
D. Implement PKI authorization.

A
Explanation: You should implement transport encryption to provide the highest level of confidentiality possible for all data on the network.
MAC filtering prevents or allows users to connect to a network based on the MAC address of the device they are using. Data-at-rest encryption is already implemented on the hard drives. PKI authorization would just authorize users to access resources. PKI does not provide encryption for data as it is transmitted over then network.