
VMware 3V0-21.23 Exam - Topic 1 Question 21 Discussion

Actual exam question for VMware's 3V0-21.23 exam
Question #: 21
Topic #: 1

An architect is reviewing the security and compliance requirements for a new application that will be hosted on a vSphere 8 environment.

The following information has been noted about the new application:

The application stores and processes confidential data

The supporting virtual infrastructure is shared with other departments

No other application stores or processes confidential data

The application virtual machines must be able to run on any ESXi host in the cluster

The storage layer is an iSCSI-attached SAN

Data at Rest Encryption is in place for each presented LUN validated to FIPS 140-2

No budget is available for additional infrastructure components or software

Application data must not be accessible outside of the application's virtual machines

The architect has been tasked with providing a secure virtual machine design to host the application.

Which three design elements must the architect include to meet the requirements? (Choose three.)

Suggested Answer: A, B, D

Virtual Machine Encryption

To ensure that the application's confidential data is protected, Virtual Machine Encryption should be applied. This will ensure that even if someone gains access to the storage layer or the underlying infrastructure, the data in the virtual machine is encrypted and cannot be accessed outside of the VM, as required by the security and compliance requirements.

The vSphere Native Key Provider

The vSphere Native Key Provider can be used to manage encryption keys within the vSphere environment. Since no budget is available for additional infrastructure components or software, leveraging vSphere's native capabilities for key management ensures that encryption is securely handled without introducing external dependencies.

External Key Management Service (KMS) provider

While the vSphere Native Key Provider can manage keys within the environment, if there is a requirement for a more secure or compliant key management solution, an External Key Management Service (KMS) may be used. The KMS provider allows for centralized management of encryption keys, ensuring that the keys are securely stored and controlled according to compliance standards (e.g., FIPS 140-2). Although the Native Key Provider may suffice, this option ensures that key management adheres to stricter compliance needs, especially for confidential data.


Contribute your Thoughts:

Tyisha
2 days ago
I remember studying about VM encryption, but I'm not sure if we need a new encrypted iSCSI LUN since the existing one is already validated to FIPS.
upvoted 0 times