You created an encrypted tablespace:
You then closed the encryption wallet because you were advised that this is secure.
Later in the day, you attempt to create the EMPLOYEES table in the SECURESPACE tablespace
with the SALT option on the EMPLOYEE column.
Which is true about the result?
A.
It creates the table successfully but does not encrypt any inserted data in the EMPNAME
column because the wallet must be opened to encrypt columns with SALT.
B.
It generates an error when creating the table because the wallet is closed.
C.
It creates the table successfully, and encrypts any inserted data in the EMPNAME column
because the wallet needs to be open only for tablespace creation.
D.
It generates error when creating the table, because the salt option cannot be used with
encrypted tablespaces.
Explanation:
* The environment setup for tablespace encryption is the same as that for transparent data
encryption. Before attempting to create an encrypted tablespace, a wallet must be created to hold
the encryption key.* Setting the tablespace master encryption key is a one-time activity. This creates the master
encryption key for tablespace encryption. This key is stored in an external security module (Oracle
wallet) and is used to encrypt the tablespace encryption keys.
* Before you can create an encrypted tablespace, the Oracle wallet containing the tablespace
master encryption key must be open. The wallet must also be open before you can access data in
an encrypted tablespace.
* Salt is a way to strengthen the security of encrypted data. It is a random string added to the data
before it is encrypted, causing repetition of text in the clear to appear different when encrypted.
Salt removes the one common method attackers use to steal data, namely, matching patterns of
encrypted text.
* ALT | NO SALT By default the database appends a random string, called “salt,” to the clear text
of the column before encrypting it. This default behavior imposes some limitations on encrypted
columns:
/ If you specify SALT during column encryption, then the database does not compress the data in
the encrypted column even if you specify table compression for the table. However, the database
does compress data in unencrypted columns and encrypted columns without the SALT parameter.
C Is wrong.
Correct answer is B, because when you are using an encrypted tablespace if you try to create something in it, the first step that database execute is check if the wallet is open, and if is not open then raise the error: ORA-28365: wallet is not open.
Also, if the wallet would be open, the correct answer must be D because salt option is for column encryption and cannot be used with tablespace encryption.
Where I could find documents about “salt option cannot be sued with tablespace encryption”? I only find it’s said salt cannot be used with indexed column/constraint column
Correct answer should be B
C
B is correct. D : SALT option can be used on encrypted TS if wallet open .
Tested in 12c B is the right answer
Yes B is the correct answer.
I think b is correct.
According to website http://docs.oracle.com/cd/B28359_01/network.111/b28530/asotrans.htm#CJACFCDG
“You need to make sure that the Oracle wallet is open before you can perform any encryption or decryption operation. Use the following command to open the wallet containing the master encryption key:
ALTER SYSTEM SET WALLET OPEN IDENTIFIED BY “welcome1”;
“
B – OK
Wallet in O12 change name to keystore !!!
The following data operations will fail if the keystore is not accessible:
SELECT data from an encrypted column
INSERT data into on an encrypted column
CREATE a table with encrypted columns
CREATE an encrypted tablespace
https://docs.oracle.com/database/121/ASOAG/asotrans_mgr.htm#ASOAG10321
B
About Closing Keystores
After you open a keystore, it remains open until you shut down the database instance. When you restart the database instance, then auto-login and local auto-login software keystores automatically open when required (that is, when the TDE master encryption key must be accessed). However, software password-based and hardware keystores do not automatically open. You must manually open them again before you can use them.
When you close a software or hardware keystore, you disable all of the encryption and decryption operations on the database. Hence, a database user or application cannot perform any operation involving encrypted data until the keystore is reopened.
When you re-open a keystore after closing it, the keystore contents are reloaded back into the database. Thus, if the contents had been modified (such as during a migration), the database will have the latest keystore contents.
Answer: B
B – Correct answer.
D – Commenter (R) in the very first posted discussion mentions D as the correct answer if the keystore (wallet) were to be open. This WAS NOT the case when tested in 12c. SALT option is not allowed as an option when creating an ENCRYPTED TABLESPACE. A table’s column(s) CAN BE ENCRYPTED with SALT option (SALT is default option) in an ENCRYPTED TABLESPACE. I have tested this. A table can with encrypted columns can be moved into or created in an ENCRYPTED TABLESPACE with out any errors.
SQL> insert into test
2 values
3 (‘Is the wallet open?’);
insert into test
*
ERROR at line 1:
ORA-28365: wallet is not open
ANSWER is B
It generates an error when creating the table because the wallet is closed.
Answer is A.
It creates the table successfully but does not encrypt any inserted data in the EMPNAME
column because the wallet must be opened to encrypt columns with SALT.
I tried this option in 11g.
B
B
B
B is correct.
TESTED
The answer correct this B or D:
SQL> CREATE TABLESPACE securespace DATAFILE ‘D:\app\DB-SYSTEM\oradata\db12c\secu
re01.dbf’ SIZE 150M ENCRYPTION USING ‘EDES168’ DEFAULT STORAGE(ENCRYPT);
CREATE TABLESPACE securespace DATAFILE ‘D:\app\DB-SYSTEM\oradata\db12c\secure01.
dbf’ SIZE 150M ENCRYPTION USING ‘EDES168’ DEFAULT STORAGE(ENCRYPT)
*
ERROR en lÝnea 1:
ORA-28339: falta el algoritmo de cifrado o no es vßlido
http://www.oracle.com/technetwork/testcontent/o19tte-086996.html