Which two security capabilities are specifically offered by Oracle Cloud Infrastructure?

The capability of Always On Data Encryption for data at rest is fundamental to ensuring the confidentiality and integrity of sensitive information stored in Oracle Cloud Infrastructure (OCI). This feature automatically encrypts data at rest using strong encryption algorithms, which protects it from unauthorized access, significantly enhancing the overall security posture of cloud-based applications and services. It ensures that even if storage devices are compromised, the data itself remains inaccessible without the proper decryption keys.

Key Management Service is another important aspect of OCI's security framework, providing a centralized, secure way to manage cryptographic keys for Oracle Cloud resources. Organizations can create, import, and manage keys while maintaining control over access and auditing, which is essential for compliance with security and regulatory standards.

Although managed Active Directory service and certificate management service are valuable for identity management and securing communications, they do not represent the core foundational security capabilities that directly relate to data confidentiality and key management within OCI. Therefore, selecting both Always On Data Encryption for data at rest and Key Management Service covers essential elements of OCI's security offerings.