Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Ibm Discussions
exam questions

Exam C2090-600 All Questions

View all questions & answers for the C2090-600 exam
Go to Exam

Exam C2090-600 topic 1 question 49 discussion

Actual exam question from IBM's C2090-600
Question #: 49
Topic #: 1
[All C2090-600 Questions]

Which statement regarding setting up a local keystore for DB2 native encryption is TRUE?

  • A. A local keystore is not needed if a Hardware Security Module (HSM) is used to manage master keys.
  • B. If a local keystore is used to store data encryption keys, a stash file must be used to store master keys temporarily.
  • C. A master key must be generated and placed in an existing local keystore before a new encrypted database will be created.
  • D. After a local keystore is created, you will be prompted for a password whenever the database manager accesses the keystore.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by db2tester at Nov. 20, 2019, 3:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Shubhranshu
4 years, 8 months ago
Wondering why answer is not A? A master key needs to be stored in Keystore but a keystore can be local or a supported third party keystore. Keystores supported by Db2 includes Hardware Security Modules (HSM) that use the PKCS #11 API. https://www.ibm.com/support/knowledgecenter/SSEPGG_11.5.0/com.ibm.db2.luw.admin.sec.doc/doc/c0070381.html
upvoted 2 times
...
db2tester
5 years ago
The correct answer is "C. A master key must be generated and placed in an existing local keystore before a new encrypted database will be created. " - Db2 native encryption uses a two-tier approach to data encryption. Data is encrypted with a Data Encryption Key (DEK), which is in turn encrypted with a Master Key (MK). The encrypted DEK is stored with the data while the MK is stored in a keystore external to Db2. A master key (MK) is an encryption key that is used to encrypt a data encryption key (DEK). Each encrypted database is associated with one master key at one time. Unless directed otherwise, Db2 generates an MK automatically during these operations: - Database creation - Master key rotation - Restoring into a new database Reference : https://www.ibm.com/support/knowledgecenter/en/SSEPGG_11.1.0/com.ibm.db2.luw.admin.sec.doc/doc/c0070381.html
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel