VMware Carbon Black Cloud Endpoint Standard Specialist — Question 68

A vSAN administrator has been asked to encrypt all traffic for data and metadata across all hosts in a vSAN cluster.
Which action is necessary to achieve this level of encryption?

Answer options

• A. Enable vSAN Cluster level encryption via Storage Policy. No KMS is required.
• B. Enable vSAN Data In-Transit encryption at the cluster level. No KMS is required.
• C. Deploy KMS server, and enable vSAN Data at Rest encryption at the cluster level.
• D. Deploy KMS server, and enable vSAN Data at Rest and In-Transit encryption at the host level.

Correct answer: B

Explanation

The correct answer is B because enabling vSAN Data In-Transit encryption at the cluster level is specifically designed to encrypt traffic for data and metadata, ensuring protection during transit. Options A and C do not address the requirement for traffic encryption, while D focuses on host-level settings rather than cluster-level settings.