Oracle Cloud Infrastructure 2020 Architect Professional — Question 7

Your company will soon start moving critical systems into Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us- ashburn-1 regions. As part of the migration planning, you are reviewing the company's existing security policies and written guidelines for the OCI platform usage within the company.
Your security processes for critical systems require that all data is encrypted at rest using Customer-Managed Keys.
Which two options ensure compliance with this policy? (Choose two.)

Answer options

• A. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
• B. When you create a new OCI Object Storage bucket through OCI console, you need to choose "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
• C. When you create a new block volume through OCI console, select "Encrypt using Customer-Managed Keys" checkbox and use encryption keys generated and stored in OCI Vault.
• D. When you create a new compute instance through OCI console, you use the default options for "configure boot volume" to speed up the process to create this compute instance.
• E. When you create a new compute instance through OCI console, you use the default shape to speed up the process to create this compute instance.

Correct answer: B, C

Explanation

Options B and C are correct because they specifically require the use of Customer-Managed Keys for encryption, which aligns with the security policy. Option A is incorrect as it does not involve customer-managed keys; it relies on automatic encryption. Options D and E are irrelevant to the encryption requirements and do not address the policy about data encryption.