Oracle Cloud Infrastructure 2020 Architect Associate — Question 23

Which of the following statements is true about the Oracle Cloud Infrastructure (OCI) Object Storage server-side encryption?

Answer options

• A. Encryption of data encryption keys with a master encryption key is optional.
• B. Customer-provided encryption keys are always stored in OCI Vault service.
• C. Encryption is enabled by default and cannot be turned off.
• D. Each object in a bucket is always encrypted with the same data encryption key.

Correct answer: C

Explanation

The correct answer is C because Oracle Cloud Infrastructure Object Storage automatically enables encryption for data at rest, and this feature cannot be disabled. Option A is incorrect since using a master encryption key is mandatory for key management. Option B is false as customer-provided keys can be managed outside of the OCI Vault service. Option D is misleading since each object can use unique data encryption keys.