Examice

Exam 5V0-21.21 All QuestionsBrowse all questions from this exam

Go to Exam

Question 22

An administrator wants to enable encryption on an existing vSAN cluster that already contains virtual machines.

Which additional step should the administrator take to ensure no data is lost during the encryption process?

Select 'Erase disks before use' check box when enabling encryption on a vSAN cluster.

Make vCenter Server trust the KMS, either by trusting the KMS or by uploading a KMS certificate.

Ensure that the vSAN Encryption is enabled by default on the existing cluster to encrypt old and new data.

Disable vSphere Distributed Resources Schedule (DRS) on the vSAN cluster.

Correct Answer: B

To ensure no data is lost during the encryption process, the administrator must make vCenter Server trust the Key Management Server (KMS). This can be done by trusting the KMS or by uploading a KMS certificate. This step is essential to establish a secure communication channel for encryption keys, ensuring that existing data is properly encrypted without loss.

Discussion

LazylinuxOption: B

B As per my previous answer

glannoy2Option: B

B ... A will result data loss

DSITTAOption: A

If you answer B, that i s a step for enabling the feature, the encryption requires that diskgroup will be reformatted. So data is lost anyway. You could only deselect "Wipe residual Data" and Allow Reduced Redundancy. Answer A could be the result for the encryptin process. But that questions does not ask for starting encryption at all.

jsi928Option: B

Answer is B. https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vsan.doc/GUID-E7CA36B7-D7EB-423A-ADD1-7E410E36F5A7.html

tayabOption: A

i think its A https://blogs.vmware.com/virtualblocks/2018/07/16/ve-erase-disks-before-use/

GodMan114Option: A

I'm going with A. I don't like this question at all. None of them really have anything to do with data not being lost, but ideally you want to wipe the disk if you're encrypting it so that all old data is also encrypted (otherwise, only new data will be encrypted).

LazylinuxOption: B

B i would choose. This is really dumb question and not clear at all. A will definitely erase all your VMs object and hence lose data and kiss all your work load vms goodbye, the answer would be A if it said de-select!! B really dont have anything to do with protecting data from lose as it is the steps for setting up the encryption, C and D are just wrong and hence im left with no choice but to chose B...below all you need to know about vsan Encryption and speaks of data erase https://core.vmware.com/resource/vsan-encryption-services#sec7014-sub5

MosabShOption: B

You must have configured a standard key provider and established a trusted connection between vCenter Server and the KMS.

FISJACOption: A

Answer:A Recommendations for “Erase disks before use” when using vSAN Encryption are: Select “Erase disks before use” When enabling vSAN Encryption for existing vSAN clusters that have vSAN objects on them When adding a host that has data on local devices to an encrypted vSAN cluster When performing a rekey operation to invoke a deep rekey (requesting a new KEK and new unique DEKs created for each vSAN storage device) https://blogs.vmware.com/virtualblocks/2018/07/16/ve-erase-disks-before-use/

FISJAC

In the blogs, you can see: What occurs when “Erase disks before use” is used? First, it is important to understand that this does not destroy active data.