I'm not an IDQ specialist, but as of my knowledge IDQ doesn't encrypt data in transit either (just in the same way that PowerCenter does not encrypt them). Assuming my understanding is correct, the answer to Q1 is YES.
An important side note: IDQ can access Oracle data via the Oracle OCI client, via ODBC, or via JDBC. PowerCenter can only leverage the OCI client (technically ODBC is possible, but it's not allowed for PowerCenter customers to use an ODBC connection to Oracle for a PowerCenter server).
So in order to use the encryption via Oracle Wallets, it's (again, as of my understanding) mandatory to access the Oracle DBMS only via the OCI client; neither the ODBC nor the JDBC driver will provide that functionality.
Q2: it doesn't matter where the IDQ installation resides (i.e. whether it's installed on on-premise hardware or some virtual machine or some AWS / EC2 instance). So the answer to this question is YES as well.
Again, no authoritative answer, only my understanding.
Pre-Requisite: Your oracle database has encryption enabled.
IDQ is quite simple compared to PowerCenter to configure encryption.
The IDQ connections(configured in admin console) generally uses the JDBC connect strings to get metadata information like table structures, column sizes, etc. and JDBC does have some encyrption support.
For data access, IDQ 10.4.1 uses the progress datadirect 8.0 drivers or native ODBC drivers. Both support encryption. The above hyperlink shows you all the driver methods(Look at encrypt* Crypto* methods).
1.) Yes. If pre-requisites are met
2.) No. You just need to configure the datadirect odbc.ini entry to use encryption.
The IDQ can encrypt data in transit if the DIS supports only HTTPS protocol and connections between the developer tool or Analyst web app is encrypted by this setting. Keep in mind data on the IDQ server can be decrypted as mentioend in KB.