MySQL 8.0 Database Administrator — Question 115

Which statement is true about MySQL Enterprise Transparent Data Encryption (TDE)?

Answer options

• A. MySQL TDE uses an appropriate keyring plugin to store the keys in a centralized location.
• B. Both MyISAM and InnoDB tables can be encrypted by setting the keyring_engine = ALL variable in the MySQL configuration file.
• C. Lost tablespace encryption keys can be regenerated only if the master database key is known or present in the Key Vault specification.
• D. TDE can encrypt InnoDB and MyISAM tables only when the tables are stored in the SYSTEM tablespace.

Correct answer: A

Explanation

The correct answer is A because MySQL TDE indeed employs a keyring plugin to manage encryption keys centrally. Option B is incorrect as MyISAM tables cannot be encrypted with TDE; it's specific to InnoDB. Option C is misleading since regeneration of lost keys is not dependent solely on the master database key being present, and option D is false because TDE supports encryption for InnoDB tables regardless of the tablespace.