ExamTopics Logo
Mail Us[email protected]
Menu
Oracle Discussions
exam questions

Exam 1z0-997-22 All Questions

View all questions & answers for the 1z0-997-22 exam
Go to Exam

Exam 1z0-997-22 topic 1 question 58 discussion

Actual exam question from Oracle's 1z0-997-22
Question #: 58
Topic #: 1
[All 1z0-997-22 Questions]

Your organization is developing serverless applications with Oracle Functions. Many of these functions will need to store state data in a database which will require the use of appropriate credentials. However, your corporate security standards mandate the encryption of secret information, such as database passwords.

As a solutions architect, which approach would you direct your team to follow to satisfy this security requirement?

  • A. Use the OCI Console to enter the password in the function configuration section in the provided Input field.
  • B. Encrypt the password using the OCI Vault service, then decrypt this password in your function code with the generated key.
  • C. Leverage application-level configuration variables to store passwords because they are automatically encrypted by Oracle Functions.
  • D. Use the OCI Vault service to auto-encrypt the password, then set an application-level configuration variable to reference the auto-decrypted password inside your function container.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by daws08322 at Nov. 11, 2023, 11:13 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
daws08322
1 year, 2 months ago
answer b is correct.
upvoted 1 times
...
daws08322
1 year, 2 months ago
The provided answer C, is correct. Create a KMS vault Create a Master Encryption Key Generate a Data Encryption Key (DEK) from the Master Encryption Key Use the DEK "plaintext" return value to encrypt the "sensitive value" (offline) Store the encrypted "sensitive value" as a config variable in the serverless application Store the DEK ciphertext and the initVector used to encrypt the "sensitive value" as Function config variables Within the function, decrypt the DEK ciphertext back into "plaintext" using the OCID and Cryptographic Endpoint by invoking the OCI KMS SDK Decrypt the "sensitive value" using the decrypted DEK "plaintext" and the initVector https://blogs.oracle.com/developers/oracle-functions-using-key-management-to-encrypt-and-decrypt-configuration-variables https://www.ateam-oracle.com/secure-storage-of-confidential-configuration-data-in-oracle-functions-using-oracle-oci-key-management-services
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago