Weekly CISSP Practice Exam Questions
Week 8 - Question 1
Question: For maximum security, what should be used for encrypting data at rest?
A. DES
B. RSA
C. SHA-256
D. AES
Correct Answer: D
Explanation:
A. DES (Data Encryption Standard)
DES was a groundbreaking symmetric algorithm in the 1970s, but it is now considered completely obsolete for modern security needs.
Key Size Weakness: DES uses a 56-bit key. Due to the massive increase in modern computing power, a 56-bit key can be cracked via brute force in a matter of hours.
The Evolution: While 3DES (Triple DES) was developed to extend the life of DES by applying the algorithm three times, even it is being phased out in favor of more efficient and secure alternatives like AES. In a CISSP context, DES is never the answer for "maximum security."
B. RSA (Rivest-Shamir-Adleman)
RSA is the gold standard for Asymmetric (Public Key) Cryptography, but it is fundamentally the wrong tool for "data at rest" on a large scale.
Performance Issues: Asymmetric encryption is mathematically complex and computationally "expensive." It is thousands of times slower than symmetric encryption. Using RSA to encrypt a 1TB hard drive would be impossibly slow.
The Hybrid Approach: In the real world, we use a hybrid system. RSA (or Diffie-Hellman) is used to securely exchange a symmetric key, and then that symmetric key (AES) is used to encrypt the actual data. RSA protects the "key," while AES protects the "data."
C. SHA-256 (Secure Hash Algorithm)
SHA-256 is a Cryptographic Hash Function, which is a "one-way" operation.
Integrity vs. Confidentiality: Hashing is used to provide Integrity. It creates a unique "fingerprint" of a file. If even one bit of the file changes, the hash changes.
One-Way Only: You cannot "decrypt" a hash to get the original data back. Therefore, it is impossible to use SHA-256 for data encryption because you would never be able to read your files again once they were processed.
D. AES (Advanced Encryption Standard)
AES is the most widely used symmetric encryption algorithm in the world today and is the US government standard for protecting classified information.
Efficiency: Because it is a symmetric algorithm (using the same key for encryption and decryption), it is incredibly fast and can be implemented in hardware (AES-NI) for near-instant performance on modern CPUs.
Security Strength: It supports key lengths of 128, 192, and 256 bits. AES-256 is currently considered "quantum-resistant" and would take billions of years to crack using current brute-force technology.
Industry Standard: Whether you are encrypting a laptop hard drive (BitLocker/FileVault) or a cloud database, AES is the definitive choice for data at rest.
Key Takeaway for the CISSP Exam
Cryptographic Roles:
- Symmetric (AES): Best for bulk data encryption (Data at rest/Data in motion).
- Asymmetric (RSA/ECC): Best for key exchange and digital signatures.
- Hashing (SHA): Best for integrity (verifying the file hasn't changed).
Podcasts
Check out my weekly podcasts that delve deep into the relevant topics related to each of the CISSP domains. In addition, I will go over specific questions and how they can be interpreted and answered.
CISSP Cyber Training Academy
Tired of not knowing how to study for the CISSP Exam?
Check out the CISSP Cyber Training Academy to help you on your journey!
CISSP Cyber Training - YouTube
Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.