An administrator needs to provide encryption for workloads within an existing vSphere cluster.
The following requirements must be met:
Workloads should be encrypted at rest.
Encrypted workloads must automatically be encrypted during transit.
Encryption should not require any specific hardware.
What should the administrator configure to meet these requirements?
To meet the requirements of encrypting workloads at rest, automatically encrypting workloads during transit, and not requiring specific hardware, the administrator should configure VM Encryption. VM Encryption provides encryption for virtual machines, ensuring their data is encrypted both at rest and during transit. Additionally, it does not require any specific hardware, making it the most suitable choice for this scenario.
To meet the requirements of encrypting workloads at rest, automatically encrypting workloads during transit, and not requiring specific hardware, the administrator should configure: D. VM Encryption VM Encryption provides encryption for virtual machines and meets all the specified requirements. It encrypts the VM's data at rest and also ensures that the data is encrypted during transit. Additionally, VM Encryption does not require specific hardware, making it a suitable choice for this scenario. Options A, B, and C do not directly address all of the specified requirements. Encrypted vSphere vMotion (A) is specifically related to encrypting the vMotion traffic, not the VMs themselves. UEFI Secure Boot (B) is a security feature for booting and does not provide VM-level encryption. Host Encryption (C) typically refers to encrypting the data on the host's storage devices, which is different from VM-level encryption.
VM Encryption, cause this is the only option that not require specific hardware
VM Encryption, cause this is the only option that not require specific hardware
D: this should be VM encryption
This was my answer, passed with 452
Answer is VM Encryption. With vSphere Virtual Machine Encryption, you can encrypt your sensitive workloads in an even more secure way. Access to encryption keys can be made conditional to the ESXi host being in a trusted state. vSphere vMotion always uses encryption when migrating encrypted virtual machines. https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-E6C5CE29-CD1D-4555-859C-A0492E7CB45D.html#:~:text=encrypt%20your%20sensitive%20workloads
VM encryption is correct option
Why not C? Take a look at the following article: https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-E6C5CE29-CD1D-4555-859C-A0492E7CB45D.html "Prerequisites and Required Privileges for Virtual Machine Encryption Tasks Virtual machine encryption tasks are possible only in environments that include vCenter Server. Also, the ESXi host must have encryption mode activated for most encryption tasks" I think Host Encryption is a requirement for perform VM Encryption. In addition, the letter specifies that encryption must occur in transit
No. The requirement is Workloads should be encrypted at rest. Encryption mode activated does not means it is encrypted. It is to provide the option only.