Oracle Cloud Infrastructure 2022 Architect Professional — Question 29
Your company will soon start moving critical systems into the Oracle Cloud Infrastructure (OCI) platform. These systems will reside in the us-phoenix-1 and us-ashburn-1 regions. As part of the migration plan, you review the company's existing security policies and written guidelines for OCI platform usage within the company.
Your security processes for critical systems require that all data be encrypted at rest using Customer-Managed Keys.
Which TWO options ensure compliance with this policy? (Choose two.)
Answer options
- A. When you create a new compute instance through the OCI console, use the default options for "configure boot volume" to speed up the process of creating this compute instance.
- B. When you create a new compute instance through the OCI console, use the default shape to speed up the process of creating this compute instance.
- C. When you create a new OCI Object Storage bucket through the OCI console, you need to choose the "ENCRYPT USING CUSTOMER-MANAGED KEYS" option.
- D. When you create a new block volume through the OCI console, select the "Encrypt using Customer-Managed Keys" checkbox and use the encryption keys generated and stored in OCI Vault.
- E. You do not need to perform any additional actions because the OCI Block Volume service always encrypts all block volumes, boot volumes, and volume backups at rest by using the Advanced Encryption Standard (AES) algorithm with 256-bit encryption.
Correct answer: C, D
Explanation
Options C and D are correct because they directly address the requirement to use Customer-Managed Keys for encryption at rest. Options A and B do not pertain to encryption and focus solely on instance creation efficiency, while option E incorrectly states that no additional action is needed, disregarding the Customer-Managed Keys requirement.