ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-1084-20 All Questions

View all questions & answers for the 1z0-1084-20 exam
Go to Exam

Exam 1z0-1084-20 topic 1 question 46 discussion

Actual exam question from Oracle's 1z0-1084-20
Question #: 46
Topic #: 1
[All 1z0-1084-20 Questions]

You are developing a serverless application with Oracle Functions. Your function needs to store state in a database. Your corporate security standards mandate encryption of secret information like database passwords.
As a function developer, which approach should you follow to satisfy this security requirement? (Choose the best answer.)

  • A. Use the Oracle Infrastructure Console and enter the password in the function configuration section in the provided input field.
  • B. Use Oracle Cloud Infrastructure Key Management to auto-encrypt the password. It will inject the auto-decrypted password inside your function container.
  • C. Encrypt the password using Oracle Cloud Infrastructure Key Management. Decrypt this password in your function code with the generated key.
  • D. All function configuration variables are automatically encrypted by Oracle Functions.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by gfhbox0083 at July 14, 2020, 10:51 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
gfhbox0083
Highly Voted 4 years, 10 months ago
The provided answer C, is correct. Create a KMS vault Create a Master Encryption Key Generate a Data Encryption Key (DEK) from the Master Encryption Key Use the DEK "plaintext" return value to encrypt the "sensitive value" (offline) Store the encrypted "sensitive value" as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the "sensitive value" as Function config variables Within the function, decrypt the DEK ciphertext back into "plaintext" using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the "sensitive value" using the decrypted DEK "plaintext" and the initVector https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables https://www.ateam-oracle.com/secure-storage-of-confidential-configuration-data-in-oracle-functions-using-oracle-oci-key-management-services
upvoted 6 times
...
NJAIN2380
Most Recent 4 years, 9 months ago
Answer - C https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables
upvoted 3 times
...
ddmoto
4 years, 10 months ago
Answer is A
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel