Which three security features are available in Oracle Autonomous Database Shared Infrastructure? (Choose three.)
Correct Answer: A,D,E
Oracle Autonomous Database Shared Infrastructure offers built-in security features to protect data and ensure compliance. The three correct features are:
Customer Managed Keys (A): This feature allows customers to use their own encryption keys for Transparent Data Encryption (TDE), stored in Oracle Key Vault or OCI Vault. It gives control over key management, enhancing security by ensuring only the customer can decrypt data. For example, a company might generate a key in OCI Vault, link it to their ADB, and rotate it periodically, all managed outside Oracle's default keys.
Database Vault (D): Oracle Database Vault enforces fine-grained access controls, preventing unauthorized access to sensitive data even by privileged users (e.g., DBAs). In ADB shared infrastructure, it's available to restrict operations like SELECT on specific schemas, adding a layer of protection against internal threats. For instance, it could block an admin from viewing customer PII unless explicitly permitted.
Transparent Data Encryption (E): TDE is enabled by default in Autonomous Database, encrypting data at rest (e.g., in tablespaces, backups, and logs) using AES-256. This ensures that if physical storage is compromised, the data remains unreadable without the encryption key. Customers can opt for customer-managed keys (A) or use Oracle-managed keys, but TDE itself is always active.
The incorrect options are:
Audit Vault (B): Oracle Audit Vault is a separate product for centralized audit log management, not a built-in feature of ADB shared infrastructure. While ADB performs auditing, it doesn't include Audit Vault's advanced capabilities natively.
Data Redaction (C): Data Redaction (masking sensitive data in query results) is available in on-premises Oracle Database Enterprise Edition but is not supported in Autonomous Database shared infrastructure. ADB's managed nature limits such custom configurations, relying instead on TDE and Database Vault for security.
These features collectively ensure robust security with minimal customer effort in a shared environment.