NetApp Certified Implementation Engineer – SAN, E-Series — Question 47
You need to configure data-at-rest encryption for your NetApp ONTAP 9.8 cluster. Your company does not have Key Management Interoperability Protocol (KMIP) services available but must require a passphrase to be entered when a node is rebooted.
In this scenario, which two actions should be performed to satisfy these requirements? (Choose two.)
Answer options
- A. Enable onboard key management
- B. Enable common criteria mode
- C. Configure an external key management server
- D. Enable cluster-wide FIPS-compliant mode
Correct answer: A, B
Explanation
Enabling onboard key management allows the cluster to store encryption keys locally, which is necessary since KMIP services are not available. Activating common criteria mode enhances security by adhering to specific compliance standards, also satisfying the requirement for a passphrase during reboot, while the other options do not meet the specified conditions.