Which is encryption at rest vs in transit?

The main idea is distinguishing where the encryption is applied: data at rest vs data in transit. Data at rest is encryption applied to data while it’s stored on a device or medium, protecting it if the storage is accessed by someone who shouldn’t have access. Full-disk encryption is a classic example because it encrypts the entire disk, so without the proper key, the stored data remains unreadable even if the disk is taken offline or stolen. In contrast, encryption in transit protects data as it moves over a network. TLS guards web traffic between a browser and a server, IPsec protects IP traffic between hosts or networks, and email encryption in transit protects messages while they’re being transmitted. Since the question asks which protects stored data, full-disk encryption is the correct choice.