Securing Data at Rest on Oracle Cloud Infrastructure (OCI)

Ensure Compliance: Encrypting Data at Rest with Customer-Managed Keys

Question

Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform.

These systems will reside in the us-phoenix-1 and us-ashburn-1 regions.

As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company.

Your security processes for critical systems require that all data is encrypted at rest using Customer-Managed Keys.

Which two options ensure compliance with this policy? (Choose two.)

Answers

Explanations



BC.

https://docs.cloud.oracle.com/en-us/iaas/Content/Block/Concepts/overview.htm

The policy is not "data must be encrypted at rest" but "data must be encrypted at rest with Customer-Managed Keys", i.e. keys that live in OCI Vault and that the company controls. That distinction decides every option below.

Option A states that no additional action is needed because the OCI Block Volume service always encrypts block volumes, boot volumes and volume backups at rest using AES with 256-bit keys. The first half is true, but it misses the point of the policy: by default those volumes are encrypted with Oracle-managed keys, which the customer never sees, rotates or controls. "Do nothing" therefore does not satisfy a customer-managed-key requirement. Option A is not a correct option.

Option B states that when creating a new Object Storage bucket through the OCI console you choose the "ENCRYPT USING CUSTOMER-MANAGED KEYS" option and select a master encryption key from an OCI Vault in the same region as the bucket. Objects written to that bucket are then encrypted with the selected key rather than an Oracle-managed one, which is exactly what the policy asks for. Option B is one of the correct options.

Option C states that when creating a new block volume through the OCI console you select the "Encrypt using Customer-Managed Keys" checkbox and use an encryption key generated and stored in OCI Vault. The volume is then encrypted with the company's own key instead of the service default, so option C is the other correct option. Note that this covers the block volume only; the boot volume of a compute instance has its own key setting.

Option D suggests accepting the default options for the boot volume when creating a new compute instance through the OCI console. The default boot volume is encrypted, but with an Oracle-managed key, not a customer-managed one; to comply you would have to select a Vault key for the boot volume at launch time. Option D is not a correct option.

Option E suggests using the default shape when creating a new compute instance through the OCI console. The shape determines CPU and memory sizing and has nothing to do with how data is encrypted at rest. Option E is not a correct option.

In summary, the two options that ensure compliance with the policy of encrypting all data at rest using Customer-Managed Keys are B and C. Options A and D rely on Oracle-managed keys, and option E is unrelated to encryption.
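Selecting a Vault key at creation time is only half the job; the policy also needs a check that nothing was created with the default. As an added example (not code from the original page), the Python below reads the JSON that the OCI CLI prints for `oci bv volume list`, `oci bv boot-volume list` and `oci os bucket get` (the CLI uses hyphenated keys such as `kms-key-id`) and reports every resource that is still on an Oracle-managed key. It goes one step beyond the question by also letting you require that the key be one of the company's own approved key OCIDs. The sample documents and every OCID in them are constructed placeholders.

```python
"""Spot-check for the policy discussed above: which block volumes, boot volumes
and Object Storage buckets are NOT encrypted with a customer-managed key?

Added example, not code from the original page. It reads the JSON that the
OCI CLI prints (hyphenated keys such as "kms-key-id"); the documents below
are constructed samples and every OCID in them is a placeholder.
"""
import json
import re

# A Vault master encryption key OCID has the form ocid1.key.oc1.<region>.<...>
KEY_OCID_RE = re.compile(r"^ocid1\.key\.oc1\.[a-z0-9-]+\..+$")


def key_is_customer_managed(kms_key_id, approved_keys=None):
    """True only when the resource references a key held in OCI Vault.

    A null or empty kms-key-id means the service default: encryption with an
    Oracle-managed key, which does not satisfy a customer-managed-key policy.
    If approved_keys is given, the key must also be one of those OCIDs (the
    company's own keys), not just any Vault key.
    """
    if not kms_key_id or not KEY_OCID_RE.match(kms_key_id):
        return False
    return approved_keys is None or kms_key_id in approved_keys


def find_noncompliant(cli_output, kind, approved_keys=None):
    """Return (kind, name, reason) for every resource that breaks the policy.

    cli_output is the JSON from 'oci bv volume list', 'oci bv boot-volume list'
    ({"data": [...]}) or 'oci os bucket get' ({"data": {...}}). Note that
    'oci os bucket list' returns summaries without kms-key-id, so buckets
    have to be fetched one at a time with 'bucket get'.
    """
    doc = json.loads(cli_output) if isinstance(cli_output, str) else cli_output
    data = doc.get("data", [])
    items = data if isinstance(data, list) else [data]
    findings = []
    for item in items:
        name = item.get("display-name") or item.get("name") or item.get("id")
        key = item.get("kms-key-id")
        if not key:
            findings.append((kind, name, "Oracle-managed key (kms-key-id is null)"))
        elif not key_is_customer_managed(key, approved_keys):
            findings.append((kind, name, f"key not in approved set: {key}"))
    return findings


# Constructed sample CLI output; the OCIDs are placeholders, not real resources.
APPROVED_KEYS = {"ocid1.key.oc1.phx.example.vaultkey0001"}

SAMPLE_VOLUMES = json.dumps({"data": [
    {"display-name": "db-data-cmk", "lifecycle-state": "AVAILABLE",
     "kms-key-id": "ocid1.key.oc1.phx.example.vaultkey0001"},   # option C
    {"display-name": "db-data-default", "lifecycle-state": "AVAILABLE",
     "kms-key-id": None},                                        # option A
    {"display-name": "scratch-foreign-key", "lifecycle-state": "AVAILABLE",
     "kms-key-id": "ocid1.key.oc1.phx.example.someoneelseskey"},
]})

SAMPLE_BOOT_VOLUMES = json.dumps({"data": [
    {"display-name": "app01 (Boot Volume)", "lifecycle-state": "AVAILABLE",
     "kms-key-id": None},                                        # option D
]})

SAMPLE_BUCKET = json.dumps({"data": {
    "name": "critical-backups", "namespace": "exampletenancy",
    "kms-key-id": "ocid1.key.oc1.phx.example.vaultkey0001"}})    # option B


def audit_samples():
    """Run the check over the constructed samples and return the findings."""
    findings = []
    findings += find_noncompliant(SAMPLE_VOLUMES, "volume", APPROVED_KEYS)
    findings += find_noncompliant(SAMPLE_BOOT_VOLUMES, "boot-volume", APPROVED_KEYS)
    findings += find_noncompliant(SAMPLE_BUCKET, "bucket", APPROVED_KEYS)
    return findings


if __name__ == "__main__":
    for kind, name, reason in audit_samples():
        print(f"NONCOMPLIANT {kind:12s} {name}: {reason}")
```

Against the constructed samples the report lists `db-data-default` (the option A situation), `scratch-foreign-key` (a Vault key, but not one of the company's) and `app01 (Boot Volume)` (the option D situation); the volume and bucket created as in options B and C pass. In practice you would pipe the real CLI output into `find_noncompliant` per compartment, per region, and run it on a schedule, since a single console click on a default is all it takes to fall out of compliance.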