VMware App Volumes (VCP-AM 2019) — Question 4

When using vSAN Encryption, where does the Key Encryption Key persistently reside?

Answer options

• A. in /etc/vmware/ssl on each vSAN host
• B. in the KMS server
• C. in a VM configuration file on vSAN
• D. in the vCenter Server cache

Correct answer: C

Explanation

The Key Encryption Key is stored in a VM configuration file on vSAN, which allows for secure and consistent access to the key across the environment. The other options, such as the KMS server and vCenter Server cache, do not serve as persistent storage locations for the Key Encryption Key in the context of vSAN Encryption.