DB2 10 for z/OS Database Administrator — Question 31
Which statement regarding setting up a local keystore for DB2 native encryption is TRUE?
Answer options
- A. A local keystore is not needed if a Hardware Security Module (HSM) is used to manage master keys.
- B. If a local keystore is used to store data encryption keys, a stash file must be used to store master keys temporarily.
- C. A master key must be generated and placed in an existing local keystore before a new encrypted database will be created.
- D. After a local keystore is created, you will be prompted for a password whenever the database manager accesses the keystore.
Correct answer: C
Explanation
Option C is correct because a master key must be generated and stored in a local keystore before an encrypted database is created. Option A is incorrect because a local keystore is still needed for other configurations, even if an HSM is present. Option B is misleading because, while a stash file is used, this does not negate the need for a keystore. Option D is wrong because the password prompt behavior depends on specific configurations and may not occur every time.