Which statement is true about encryption on OCI?

The statement that “By default, DB Systems offers an encrypted database” is accurate because Oracle Cloud Infrastructure (OCI) employs encryption for customer data at rest in its Database Systems. This feature is enabled by default, ensuring that all data stored in the database is encrypted to enhance security without requiring additional configuration from the customer. It leverages Transparent Data Encryption (TDE) to automatically encrypt data written to storage and decrypt it when read back, thus safeguarding sensitive information against unauthorized access.

In contrast, while other options contain elements of truth related to encryption in OCI, they do not accurately reflect the default settings or responsibilities tied to encryption. For instance, Oracle does provide encryption options for various services, but it isn't the case that object storage is entirely unencrypted by default, and customers share the responsibility for encryption implementation. The mention of NVMe drives not being encrypted by default does not encompass the overarching principles of OCI's approach to data encryption, particularly regarding how it is implemented in services like DB Systems.