Which three statements are true about the keystore storage framework for transparent data
encryption?
A.
It facilitates and helps to enforce keystore backup requirements.
B.
It handles encrypted data without modifying applications.
C.
It enables a keystore to be stored only in a file on a file system.
D.
It enables separation of duties between the database administrator and the security
administrator.
E.
It transparently decrypts data for the database users and applications that access this
data.
F.
It helps to track encryption keys and implement requirements such as keystore password
rotation and master encryption key reset or re-key operations.
Explanation:
Reference:http://oradb-srv.wlv.ac.uk/E16655_01/network.121/e17729/asotrans.htm#CHDEABCA
(benefits of the keystore storage framework)
sabra judas
A,D,F
http://docs.oracle.com/database/121/ASOAG/GUID-62AA9447-FDCD-4A4C-B563-32DE04D55952.htm#GUID-2D6C5B27-8E6A-4EF7-AABF-B0FB031C8374
Benefits of the Keystore Storage Framework
The key management framework provides several benefits for Transparent Data Encryption.
– Enables separation of duty between the database administrator and the security administrator who manages the keys. You can grant the ADMINISTER KEY MANAGEMENT or SYSKM privilege to users who are responsible for managing the keystore and key operations.
– Facilitates compliance, because it helps you to track encryption keys and implement requirements such as keystore password rotation and TDE master encryption key reset or rekey operations.
– Facilitates and helps enforce keystore backup requirements. A backup is a copy of the password-based software keystore that is created for all of the critical keystore operations.
– You must make a backup of the keystore for all of the critical keystore operations. You must also make a backup of the TDE master encryption key before you reset or rekey this TDE master encryption key.
– Enables the keystore to be stored on an ASM file system. This is particularly useful for Oracle Real Application Clusters (Oracle RAC) environments where database instances share a unified file system view.
– Enables reverse migration from a Hardware Security Module (HSM) keystore to a file system-based software keystore. This option is useful if you must migrate back to a software keystore.
AEF
After the data is encrypted, this data is transparently decrypted for authorized users or applications when they access this data.
Steve, D also is correct, is it not? This is confusing. Why not D?
Steve, the question is about the keystore storage framework not about: Transparent Data Encryption Tablespace Encryption.
If you keep this in mind than I would choose for F:
Facilitates compliance, because it helps you to track encryption keys and implement requirements such as keystore password rotation and TDE master encryption key reset or rekey operations.
Sorry I mean choose for D:
Enables separation of duty between the database administrator and the security administrator who manages the keys. You can grant the ADMINISTER KEY MANAGEMENT or SYSKM privilege to users who are responsible for managing the keystore and key operations.
So my final answer is ADF
ADF
Benefits of the Keystore Storage Framework
https://docs.oracle.com/cloud/latest/db121/ASOAG/asotrans.htm#CIHIEBDB
A,D,F
E. Correct
Data is transparently decrypted for database users and applications that access this data. Database users and applications do not need to be aware that the data they are accessing is stored in encrypted form.
https://docs.oracle.com/cloud/latest/db121/ASOAG/asotrans.htm#ASOAG10271
It should have 4 answers.
AEDF
D is here
Enables separation of duty between the database administrator and the security administrator who manages the keys. You can grant the ADMINISTER KEY MANAGEMENT or SYSKM privilege to users who are responsible for managing the keystore and key operations.
https://docs.oracle.com/cloud/latest/db121/ASOAG/asotrans.htm#CIHIEBDB
F is here
Facilitates compliance, because it helps you to track encryption keys and implement requirements such as keystore password rotation and TDE master encryption key reset or rekey operations.
A is here
Facilitates and helps enforce keystore backup requirements. A backup is a copy of the password-based software keystore that is created for all of the critical keystore operations.
E is here
Data is transparently decrypted for database users and applications that access this data. Database users and applications do not need to be aware that the data they are accessing is stored in encrypted form.
Sorry. Not E. the question ask benefits of keystore from TDE not benefits of TDE. So E is not correct.
A,D,F
ADF
https://docs.oracle.com/cd/E49329_01/network.121/b71313/asotrans.htm
ADF