You created an encrypted tablespace:
You then closed the encryption wallet because you were advised that this is secure.
Later in the day, you attempt to create the EMPLOYEES table in the SECURESPACE tablespace
with the SALT option on the EMPLOYEE column.
Which is true about the result?
A.
It creates the table successfully but does not encrypt any inserted data in the EMPNAME
column because the wallet must be opened to encrypt columns with SALT.
B.
It generates an error when creating the table because the wallet is closed.
C.
It creates the table successfully, and encrypts any inserted data in the EMPNAME column
because the wallet needs to be open only for tablespace creation.
D.
It generates error when creating the table, because the salt option cannot be used with
encrypted tablespaces.
Explanation:
* The environment setup for tablespace encryption is the same as that for transparent data
encryption. Before attempting to create an encrypted tablespace, a wallet must be created to holdthe encryption key.
* Setting the tablespace master encryption key is a one-time activity. This creates the master
encryption key for tablespace encryption. This key is stored in an external security module (Oracle
wallet) and is used to encrypt the tablespace encryption keys.
* Before you can create an encrypted tablespace, the Oracle wallet containing the tablespace
master encryption key must be open. The wallet must also be open before you can access data in
an encrypted tablespace.
* Salt is a way to strengthen the security of encrypted data. It is a random string added to the data
before it is encrypted, causing repetition of text in the clear to appear different when encrypted.
Salt removes the one common method attackers use to steal data, namely, matching patterns of
encrypted text.
* ALT | NO SALT By default the database appends a random string, called “salt,” to the clear text
of the column before encrypting it. This default behavior imposes some limitations on encrypted
columns:
/ If you specify SALT during column encryption, then the database does not compress the data in
the encrypted column even if you specify table compression for the table. However, the database
does compress data in unencrypted columns and encrypted columns without the SALT parameter.
B
B
The Answer Correct this B:
http://www.oracle.com/technetwork/testcontent/o19tte-086996.html
Tablespace Encryption Setup
Let’s look at how to set up TDE tablespace encryption, using a file-based wallet. Note that the compatibility of the database must be set to 11.1 or higher. First, if you don’t have one, create the wallet:
1. Make sure the ORACLE_BASE variable has been set. If it has not, set it by issuing
$ export ORACLE_BASE=/opt/oracle
2. Change to the ORACLE_BASE directory and then to the admin subdirectory for that instance. In my case, the instance is named prolin1, so I issue
$ cd $ORACLE_BASE/admin/prolin1
3. Create a directory called “wallet” to hold the wallet:
$ mkdir wallet
4. Create the wallet, along with a secure password, preferably containing a mix of alphanumeric characters, such as “T45rustMe54”:
$ sqlplus / as sysdba
SQL> alter system set encryption key
identified by “T45rustMe54”;
The password is case-sensitive.
The preceding step will create the wallet as well as open it. You need to create the wallet only once. After the database is opened, the wallet remains open until either the wallet is explicitly closed or the database is shut down, at which time the wallet automatically closes. You can reopen this wallet after the database is restarted, by using
SQL> alter system set wallet open
identified by “T45rustMe54”;
System altered.
Now that the wallet is set up, you can create the encrypted tablespace.