Which two statements are true about InnoDB data-at-rest encryption? (Choose two.)
Which two statements are true about InnoDB data-at-rest encryption? (Choose two.)
InnoDB data-at-rest encryption supports all indexes transparently, meaning that it includes the encryption of all types of indexes such as primary, secondary, unique, full-text, and spatial indexes along with the table data. Additionally, InnoDB decrypts data for use in memory; once the data is fetched from the disk, it needs to be decrypted to be processed by the database engine, ensuring that it is readily usable when retrieved.
InnoDB data-at-rest encryption supports all indexes transparently and With InnoDB data-at-rest encryption, in-memory data is decrypted, which provides complete transparency. ANS: C and D https://dev.mysql.com/doc/refman/8.0/en/faqs-tablespace-encryption.html
C. It supports all indexes transparently. D. It decrypts data for use in memory.
can't be encrypted over network, where is the documentation for that? I guess C and D. D because if decrypts as needed "for use".
Explanation: InnoDB data-at-rest encryption provides built-in encryption for data at the tablespace level, which is enforced from disk to memory and over network transmission, ensuring that the data is encrypted at all times. It supports all indexes transparently, including primary, secondary, unique, full-text, and spatial indexes, which are all encrypted along with the table data. InnoDB data-at-rest encryption supports all datatypes, including blob datatypes. InnoDB data-at-rest encryption does not affect the transportable tablespaces feature, which can be used to move InnoDB tables between servers, as long as the tablespace encryption key is available on the destination server. InnoDB data-at-rest encryption does not decrypt data for use in memory; instead, it keeps the data encrypted in memory until it is required by the user, at which point it is decrypted temporarily for processing.