C & E. Secure Boot has been around prior to 7.0

D and E are correct: With secure boot enabled, the boot sequence proceeds as follows. - Starting with vSphere 6.5, the ESXi bootloader contains a VMware public key. The bootloader uses this key to verify the signature of the kernel and a small subset of the system that includes a secure boot VIB verifier. - The VIB verifier verifies every VIB package that is installed on the system. At this point, the entire system boots with the root of trust in certificates that are part of the UEFI firmware. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html

C & E. Passed 500/500 Today 1/Dec/22

Took the examen today, option D got replaced with "ESXi 7.0 or greater", which I believe would make C and E the correct ones.

CE is Correct

C & E https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-10F7022C-DBE1-47A2-BD86-3840C6955057.html

D & E Guys look, TPM is optional for secure boot, for enabling ESXi secure boot UEFI and a ESXi 6.5 or greater is needed. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html . ESXi hosts can use Trusted Platform Modules (TPM) chips, which are secure cryptoprocessors that enhance host security by providing a trust assurance rooted in hardware as opposed to software. https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-10F7022C-DBE1-47A2-BD86-3840C6955057.html

D and E, but be careful because in the last exams (December 2022) option D where it says 6.5 or greater, says 7.0 or greater. The reality is that ESXi Secure Boot appeared with 6.5 but the option of the question today appears from 7.0 (be careful). 484 over 500.

The answer is here. Watch this video on how to setup UEFI Secure Boot on VMware ESXi 6.5.x for Dell’s 13th generation of PowerEdge server https://www.youtube.com/watch?v=Ll9qlF9qV9I

DE Although the version of TPM is 2.0 which is supported it is not mandatory for secure boot. Having ESX 6.5 and above + UEFI are necessary components to activating secure boot of course if the hardware supports it.

Secure boot is part of the UEFI firmware standard. With secure boot enabled, a machine refuses to load any UEFI driver or app unless the operating system bootloader is cryptographically signed. Starting with vSphere 6.5, ESXi supports secure boot. So D & E.

Answer is D & E https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html the first point of this article states "1.Starting with vSphere 6.5, the ESXi bootloader..."

https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html

D & E https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5D5EE0D1-2596-43D7-95C8-0B29733191D9.html

Version 6.5. TPM 1.2 and UEFI are minimum requirements, TPM 2.0 is optional.

What is the correct answer?

Secure boot was enabled as a feature since 6.5 using UEFI boot. TPM is "optional" for secure boot since vS7 U2 - it is not "required" D & E are correct