Oracle Cloud Infrastructure 2022 Architect Professional — Question 47

Your organization is developing serverless applications with Oracle Functions. Many of these functions will need to store state data in a database which will require the use of appropriate credentials. However, your corporate security standards mandate the encryption of secret information, such as database passwords.

As a solutions architect, which approach would you direct your team to follow to satisfy this security requirement?

Answer options

• A. Use the OCI Console to enter the password in the function configuration section in the provided Input field.
• B. Encrypt the password using the OCI Vault service, then decrypt this password in your function code with the generated key.
• C. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
• D. Use the OCI Vault service to auto-encrypt the password, then set an application-level configuration variable to reference the auto-decrypted password inside your function container.

Correct answer: B

Explanation

The correct answer is B because encrypting the password with the OCI Vault service and then decrypting it in the function code ensures that sensitive information is securely stored and accessed. Option A does not provide encryption, making it non-compliant with security standards. Option C incorrectly assumes that application-level configuration variables are automatically encrypted, which may not be true. Option D complicates the process by introducing unnecessary steps with auto-encryption and referencing, which isn't as direct as option B.