Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?
A. B. C. D.
B.
https://docs.cloud.oracle.com/en-us/iaas/Content/Object/Tasks/usingyourencryptionkeys.htm
Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption is a feature that allows customers to encrypt their data stored in OCI Object Storage. Let's go through each option to determine which statement is true:
A. Encryption of data encryption keys with a master encryption key is optional. This statement is false. When server-side encryption is enabled, the data encryption keys are always encrypted with a master encryption key that is managed by OCI. This ensures that even if an attacker gains access to the encrypted data encryption key, they cannot decrypt the data without also having access to the master encryption key.
B. Customer-provided encryption keys are always stored in OCI Vault service. This statement is false. Customers can choose to use OCI Vault service to store their own encryption keys, but it is not a requirement. If customers choose to use their own encryption keys, they are responsible for managing and storing the keys securely.
C. Encryption is enabled by default and cannot be turned off. This statement is false. Encryption is not enabled by default for OCI Object Storage. Customers must enable server-side encryption on a per-bucket basis. Customers can also choose to disable server-side encryption if they no longer need it.
D. Each object in a bucket is always encrypted with the same data encryption key. This statement is false. When server-side encryption is enabled, each object is encrypted with a unique data encryption key. This adds a layer of security because if an attacker gains access to one encrypted object, they cannot use that information to decrypt other objects in the same bucket.
Therefore, the correct statement is none of the above, as all four statements are false.