When implementing extract encryption in Tableau Server, what is a crucial step to secure the data extracts stored on the server?
A.
Configuring a VPN tunnel for all data extract transfers to and from Tableau Server
B. Enabling at-rest encryption for data extracts within Tableau Server's configuration settings
C.
Implementing a network intrusion detection system to monitor extract file accesses
D. Increasing the storage capacity of the server to accommodate the additional space required by encrypted extracts
B. Enabling at-rest encryption for data extracts within Tableau Server's configuration settings
Explanation:
Why B is Correct?
At-rest encryption ensures that data extracts (.tde or .hyper files) stored on Tableau Server’s disk are unreadable without a decryption key, protecting against unauthorized access (e.g., theft, breaches).
Tableau’s Extract Encryption Guide mandates this for compliance (e.g., HIPAA, GDPR).
Why Other Options Are Incorrect?
A. VPN for transfers: Secures data in transit, not at rest (extracts are already encrypted during transfer via HTTPS).
C. Intrusion detection: Useful for monitoring but doesn’t directly encrypt extracts.
D. Increasing storage: Irrelevant—encryption adds minimal overhead (~5-10% space).
Key Steps for Secure Extract Encryption:
Generate a strong encryption key (e.g., 256-bit AES).
B is the only direct solution for securing extracts at rest. Options A/C/D address peripheral concerns but not core encryption. Always back up the encryption key separately!