An administrator wants to implement virtual machine encryption.
Which component encrypts the virtual machine files?
An administrator wants to implement virtual machine encryption.
Which component encrypts the virtual machine files?
The component that encrypts the virtual machine files is the Data Encryption Key (DEK). The DEK is used to encrypt the actual data on the virtual machine. The Key Encryption Key (KEK) encrypts the DEK, but it does not directly encrypt the virtual machine files. A certificate and key management server (KMS) are involved in the key management process but do not perform the actual encryption of virtual machine files.
https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-8D7D09AC-8579-4A33-9449-8E8BA49A3003.html. vSphere Encryption Keys and Key Providers vSphere uses two levels of encryption in the form of a Key Encryption Key (KEK) and a Data Encryption Key (DEK). Briefly, an ESXi host generates a DEK to encrypt virtual machines and disks. The KEK is provided by a key server, and encrypts (or "wraps") the DEK. The KEK is encrypted using the AES256 algorithm and the DEK is encrypted using the XTS-AES-256 algorithm. Depending on the type of key provider, different methods are used to create and manage the DEK and KEK. So, The answer should be B and C
The answer should be B. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-8D7D09AC-8579-4A33-9449-8E8BA49A3003.html
B is correct
B and C
I vote for B : DEK