Data at restrefers to information that isstoredrather than actively moving across networks or being actively processed. This includes data saved on laptops and mobile devices, servers, databases, file shares, removable media, backup tapes, storage arrays, and cloud storage services. Because it sits in storage, the main risks involveunauthorized access(improper permissions, stolen credentials, insider misuse),theft or loss of devices/media, andmisconfiguration(publicly exposed storage buckets, overly broad shared drives). Data at rest is also at risk when systems are decommissioned or storage is reused without secure wiping.

Cybersecurity documents emphasize protecting data at rest using layered controls.Encryption at restensures stored files or database records remain unreadable without the proper key, reducing impact if storage is stolen or accessed improperly. Strongaccess controlandleast privilegelimit who can read or modify stored data, whilesegmentationand secure configuration reduce exposure pathways. Properkey management(separating keys from encrypted data, rotating keys, restricting key access) is critical so encryption meaningfully reduces risk. Additional controls includedata classification and handling rules, secure backups (including immutable or protected backups), monitoring and audit logging for sensitive repositories, and secure disposal practices such as cryptographic erase or verified wiping.

Options A and B describedata in transit, not at rest. Option D is incorrect because stored data is not automatically less vulnerable; it is often highly attractive to attackers, so it requires deliberate protection.