In AP Cybersecurity, data at rest is data stored on a device or drive (files, databases, backups) that isn't currently moving or being processed. Its biggest vulnerability: if it's unencrypted and an adversary gets access to the storage, they can read it.
Data at rest is data that's just sitting there in storage. Think files on a hard drive, records in a database, photos on a phone, or backups on a server. It's not traveling across a network and it's not actively being used by a program at that moment. It's parked.
The core danger with data at rest comes straight from EK 5.1.A.1: an adversary who gets access to the device or drive can read any unencrypted files stored on it. That's the whole problem. If a laptop is stolen or a server is breached and the data isn't encrypted, the attacker just opens the files. This is why encryption at rest matters so much. Weak access control (EK 5.1.A.3) and a compromised account with admin privileges (EK 5.1.A.2) make it even worse, because elevated privileges hand an adversary the keys to whatever is stored on the system.
Data at rest lives in Unit 5: Securing Applications and Data, specifically Topic 5.1. It directly supports learning objective AP Cybersecurity 5.1.A (how adversaries exploit file vulnerabilities) and AP Cybersecurity 5.1.C (assessing and documenting data risks). The CED's whole framing of file vulnerability starts here: unencrypted stored data is the easiest win for an attacker who already has access. When you assess risk using the CIA triad from EK 5.1.C.1, data at rest is where a confidentiality breach usually happens, since reading stored files is what exposes sensitive data to unauthorized people.
Keep studying AP Cybersecurity Unit 5
Visual cheatsheet
view galleryData in Transit and Data in Use (Unit 5)
These three are the lifecycle of data. At rest means stored, in transit means moving across a network, and in use means actively being processed by a program. Each state needs different protection, and data at rest is the one you defend mainly with encryption on the drive.
PII, PHI, and PCI (Unit 5)
These are exactly the kinds of highly sensitive, legally regulated data EK 5.1.C.2 warns about. When that data sits at rest unencrypted, you've got a high-risk situation, because a likely exploit (someone accessing the drive) meets data that laws actually protect.
Access Control and Admin Privileges (Unit 5)
Encryption isn't the only thing standing between an adversary and your stored files. EK 5.1.A.2 and 5.1.A.3 show that weak permissions or a hijacked admin account let an attacker reach data at rest even when other defenses exist.
Expect data at rest to show up in MCQ stems that describe a scenario, like a stolen laptop or a breached server, and ask what makes the stored files vulnerable. The answer almost always points back to EK 5.1.A.1: the files weren't encrypted. You may also need to use it in a risk assessment under AP Cybersecurity 5.1.C, where you'd connect unencrypted stored sensitive data to a confidentiality compromise using the CIA triad. No released FRQ has used the exact phrase, but the concept supports the kind of vulnerability analysis Topic 5.1 questions reward, so be ready to recommend encryption at rest as a control.
Data at rest is stored and not moving; data in transit is actively crossing a network (like a file being uploaded or an email being sent). You protect data at rest mostly with disk or file encryption, while data in transit is protected with encrypted connections so it can't be intercepted mid-journey.
Data at rest is data sitting in storage on a device or drive, not moving and not being processed.
The biggest vulnerability is that an adversary with access to the storage can read any unencrypted files (EK 5.1.A.1), which is why encryption at rest is the main defense.
It's one of three data states alongside data in transit (moving) and data in use (being processed), and each needs its own protection.
Weak access controls or a compromised admin account can expose data at rest even when other safeguards exist (EK 5.1.A.2, 5.1.A.3).
On a risk assessment, unencrypted sensitive data at rest is a confidentiality risk under the CIA triad and is high-risk when the data is legally regulated like PII, PHI, or PCI.
It's data stored on a device or drive (files, databases, backups) that isn't currently moving across a network or being processed. Per EK 5.1.A.1, its key risk is that anyone with access to the storage can read it if it's unencrypted.
Much less so. Encryption is the main defense for data at rest, because an adversary who reaches the drive can't read the files without the key. But weak access controls or a stolen admin account (EK 5.1.A.2, 5.1.A.3) can still create exposure, so encryption isn't a complete fix on its own.
Data at rest is stored and not moving, so you protect it with disk or file encryption. Data in transit is actively crossing a network, so you protect it with encrypted connections to stop interception. Same data, different state, different defense.
Because EK 5.1.A.1 makes it the easiest attack: no clever exploit needed, just access to the drive. In a risk assessment under AP Cybersecurity 5.1.C, unencrypted sensitive data at rest maps directly to a confidentiality compromise in the CIA triad.
PII, PHI, and PCI are exactly the regulated, highly sensitive data EK 5.1.C.2 flags as high-risk. When that data sits at rest unencrypted, a likely exploit meets legally protected data, which is the worst-case scenario for a risk assessment.
Connect this key term to the AP exam workflow: review the course, practice questions, and check related study tools.