Which two statements are TRUE about Object Storage data security and encryption in Oracle Cloud Infrastructure (OCI)? (Choose two.)
Answer: AD
The correct options are A and D.
A) Client-side encryption is managed by the customer: Oracle Cloud Infrastructure (OCI) Object Storage provides a client-side encryption feature where the customer can manage the encryption and decryption of their data. The customer controls the encryption keys, and the data is encrypted before it is uploaded to the Object Storage service. This approach ensures that the data is secure, even if it is intercepted during transit or storage.
B) Data needs to be decrypted on the client side before retrieving it: This statement is false. Object Storage provides server-side encryption of data, which means that the data is decrypted by the Object Storage service when it is retrieved. The customer does not need to decrypt the data on the client side.
C) OCI Vault Management is used by default to provide data security: This statement is false. OCI Vault Management is a separate service that provides key management and secret management services. It is not used by default to provide data security for Object Storage. However, customers can use OCI Vault Management to manage their encryption keys if they prefer.
D) All traffic to and from Object Storage service is encrypted using TLS: This statement is true. Object Storage provides Transport Layer Security (TLS) encryption for all traffic to and from the service. This ensures that data is protected during transit and storage.
E) A VPN connection to OCI is required to ensure secure data transfer to an object storage bucket: This statement is false. A VPN connection is not required to transfer data to an Object Storage bucket. Object Storage provides a REST API and an SDK that can be used to transfer data securely over the internet. Additionally, Object Storage supports HTTPS and TLS for secure communication.