Which three statements are true about ASM Cloud File System (ACFS) encryption?

Which three statements are true about ASM Cloud File System (ACFS) encryption?

Which three statements are true about ASM Cloud File System (ACFS) encryption?

A.
A copy of an encrypted file is not encrypted unless it is created in an encrypted directory.

B.
acfsutil encr init is used to establish role separation between encryption managers and encryption auditors.

C.
acfsutil encr off can be run by an encryption manager who may not have system administrator privileges.

D.
acfsutil encr on can be used to specify the encryption key length for a directory or file.

E.
An ACFS snapshot can be ACFS encrypted.

Explanation:

acfsutil encr on –k key_length specifies the encryption key length for a directory or file.
Incorrect Answers:
B: The acfsutil encr init command creates storage for encryption keys.
C: Only an administrator can run the acfsutil encr off command on an Oracle ACFS file system.
https://docs.oracle.com/cd/E11882_01/server.112/e18951/asmfs_util009.htm#OSTMG94010

Show Hint

Leave a Reply 3

Your email address will not be published. Required fields are marked *

ziad abuqasem

ziad abuqasem

The basic steps to manage encryption are:
1. Initialize encryption. Run the acfsutil encr init command to initialize encryption and create the storage necessary for the encryption keys. This command must be run one time for each cluster on which encryption is set up. For example, to initialize encryption for a cluster:
# /sbin/acfsutil encr init
This must be run before any other encryption command and requires root privileges to run.
2. Set encryption parameters. Run acfsutil encr set to set the encryption parameters
for the entire ACFS file system. For example, the following command sets the AES encryption algorithm and a key length of 128 for a file system mounted on /acfsmnts/acfs1:
# /sbin/acfsutil encr set -a AES -k 128 -m /acfsmnts/acfs1/
The command above also transparently generates a volume encryption key which is stored in the key store that was previously configured with the acfsutil encr init command.
3. Enable encryption. Run acfsutil encr on to enable encryption for directories and files.For example, the following command enables encryption recursively on all files in the /acfsmnts/acfs1/medrecords directory.
# /sbin/acfsutil encr on -r /acfsmnts/acfs1/medrecords -m /acfsmnts/acfs1/
For users that have permission to access files in the medrecords directory, they can still read the decrypted files. Run acfsutil encr info to display encryption information.

I think its A,D & E

Reply

WGCM

WGCM

A) Correto
https://docs.oracle.com/database/121/OSTMG/GUID-5591C710-D763-4F72-BB56-A1452CA6AAB2.htm#OSTMG34510

Note the following when working with Oracle ACFS encryption:
A copy of an encrypted file is not encrypted unless the copy of the file is made in an encrypted directory…

B) Errado!
http://docs.oracle.com/database/121/OSTMG/GUID-0E8E9F8F-0B69-4502-8236-62110A86E95C.htm#OSTMG95162

C) Errado!
http://docs.oracle.com/database/121/OSTMG/GUID-778F5BA9-E70A-42B7-9266-D36C5C0BAB6A.htm#OSTMG95168
Only an administrator can run this command on an Oracle ACFS file system…
Only a user with root or system administrator privileges can run this command to disable encryption on a file system. The file owner can also run this command to disable encryption on a directory or file….

D) Correto!
http://docs.oracle.com/database/121/OSTMG/GUID-CEF666C5-2B32-4596-9D08-9DBCE96CDA30.htm#OSTMG95174
acfsutil encr on -m mount_point [-a {AES} -k {128|192|256}] [[-r] path [path…]]

-k key_length Specifies the encryption key length for a directory or file.

Reply