You created an encrypted tablespace:
You then closed the encryption wallet because you were advised that this is secure.
Later in the day, you attempt to create the EMPLOYEES table in the SECURESPACE tablespace with the
SALT option on the EMPLOYEE column.
Which is true about the result?
A.
It creates the table successfully but does not encrypt any inserted data in the EMPNAME column
because the wallet must be opened to encrypt columns with SALT.
B.
It generates an error when creating the table because the wallet is closed.
C.
It creates the table successfully, and encrypts any inserted data in the EMPNAME column because the
wallet needs to be open only for tablespace creation.
D.
It generates error when creating the table, because the salt option cannot be used with encrypted
tablespaces.
Explanation:
* The environment setup for tablespace encryption is the same as that for transparent data encryption.
Before attempting to create an encrypted tablespace, a wallet must be created to hold the encryption key.
* Setting the tablespace master encryption key is a one-time activity. This creates the master
encryption key for tablespace encryption. This key is stored in an external security module (Oracle wallet)
and is used to encrypt the tablespace encryption keys.
* Before you can create an encrypted tablespace, the Oracle wallet containing the tablespace master
encryption key must be open. The wallet must also be open before you can access data in an encrypted
tablespace.
* Salt is a way to strengthen the security of encrypted data. It is a random string added to the data before it
is encrypted, causing repetition of text in the clear to appear different when encrypted. Salt removes the one
common method attackers use to steal data, namely, matching patterns of encrypted text.
* ALT | NO SALT By default the database appends a random string, called “salt,” to the clear text of the
column before encrypting it. This default behavior imposes some limitations on encrypted columns:
/ If you specify SALT during column encryption, then the database does not compress the data in the
encrypted column even if you specify table compression for the table. However, the database does
compress data in unencrypted columns and encrypted columns without the SALT parameter.