Comparing Transparent Data Encryption (TDE) column-based encryption and Transparent Data
Encryption (TDE) tablespace-based encryption, which of the following statements is true?
A.
With Transparent Data Encryption (TDE) column-based encryption, you cannot change the master
encryption key with an ALTER SYSTEM command.
B.
With TDE column-based encryption, you cannot prevent encrypted data from having the same
distribution of characters that it has unencrypted.
C.
With Transparent Data Encryption (TDE) tablespace-based encryption, performance is generally
worse than column-based encryption, because encryption is done at the I/O level.
D.
With TDE tablespace-based encryption, data in the UNDO tablespace is encrypted.
E.
With TDE tablespace-based encryption, data blocks that come from an encrypted tablespace are
stored unencrypted in temporary tables.
Explanation:
TDE column encryption affects performance only when data is retrieved from or inserted into an
encrypted column.
The total performance overhead depends on the number of encrypted columns and their frequency
of access. The columns most appropriate for encryption are those containing the most sensitive
data.
Enabling encryption on an existing table results in a full table update like any other ALTER TABLE
operation that modifies table characteristics. Administrators should keep in mind the potential
performance and redo log impact on the database server before enabling encryption on a large
existing table.
A table can temporarily become inaccessible for write operations while encryption is being enabled,
table keys are being rekeyed, or the encryption algorithm is being changed.