Which of the following most securely protects data at rest?

TLS 1.2, or Transport Layer Security, is primarily designed for securing data in transit rather than data at rest. It encrypts data while it is being transferred between systems, ensuring data integrity and confidentiality during communication. However, it does not provide the necessary protection for data stored on devices, which is the focus of the question.

Masking involves obscuring specific data elements to prevent unauthorized access, typically used in non-production environments. While it can protect sensitive data by rendering it unreadable, it does not encrypt the data itself and, therefore, does not offer the same level of security as AES-256 for data that must remain secure at rest.

Salting is a technique used primarily in password storage that adds random data to passwords before hashing them, enhancing security against dictionary and rainbow table attacks. However, salting does not provide encryption for data at rest, making it unsuitable for the protection of sensitive information that needs to be securely stored.