VMware vSphere 8.x Advanced Design (VCAP-DCV Design) — Question 39
An architect is reviewing the security and compliance requirements for a new application that will be hosted on a vSphere 8 environment.
The following information has been noted about the new application:
The application stores and processes confidential data
The supporting virtual infrastructure is shared with other departments
No other application stores or processes confidential data
The application virtual machines must be able to run on any ESXi host in the cluster
The storage layer is a iSCSI attached SAN
Data at Rest Encryption is in place for each presented LUN validated to FIPS 140-2
No budget is available for additional infrastructure components or software
Application data must not be accessible outside of the application's virtual machines
The architect has been tasked with providing a secure virtual machine design to host the application.
Which three design elements must the architect include to meet the requirements? (Choose three.)
Answer options
- A. Virtual Machine Encryption
- B. The vSphere Native Key Provider
- C. A new encrypted iSCSI LUN
- D. External Key Management Service (KMS) provider
- E. A new local VMFS volume
- F. VMware vSAN
Correct answer: A, B, C
Explanation
The correct answers, A, B, and C, are essential for securing confidential data within the application. Virtual Machine Encryption (A) protects the VMs, while the vSphere Native Key Provider (B) manages encryption keys, and a new encrypted iSCSI LUN (C) ensures that the storage is secure. Options D, E, and F do not directly address the specific security requirements outlined for the application.