Which pairing correctly describes encryption in transit and at rest with typical protocols and key management considerations?

Study for the CompTIA Cloud+ exam. Enhance your skills with flashcards and multiple choice questions, each supported by hints and explanations. Prepare effectively for your certification!

Multiple Choice

Explanation:
Data security hinges on protecting information both as it travels and when it’s stored. For data in transit, TLS/SSL is the standard to encrypt the communication channel and ensure data isn’t eavesdropped on or tampered with. For data at rest, strong symmetric encryption like AES is used to protect stored data, with AES-256 being a common, high-security option. Key management is essential: keys should live in dedicated, secure systems such as a Key Management Service or hardware security modules, with rotation and strict access controls to minimize risk of exposure or misuse. This combination—TLS/SSL for transit, AES-256 for at rest, and keys managed with KMS/HSMs plus rotation and access controls—best matches typical protocols and robust key lifecycle practices. Other options rely on weaker or deprecated algorithms, less secure transport methods, or omit key rotation and access controls, making them less suitable.
