2V0-622D Question #29: Real Exam Question with Answer & Explanation

Question

Options

• AVMs will shut down gracefully in the event of a KMS outage as a proactive measure to prevent
• BVMs which were running at the time of the KMS failure will continue to run.
• CIf an ESXi host is rebooted, it will be unable to power on encrypted VMs until KMS connectivity is
• DvCenter Server will continue to distribute encryption keys as long as it is not rebooted while the
• EESXi hosts within the same cluster will share keys with one another while the KMS is

Explanation

When a KMS fails, VMs already running remain operational because ESXi hosts cache keys in memory, but any host that reboots cannot retrieve keys and therefore cannot power on encrypted VMs.

Common mistakes.

• A. vSphere VM encryption does not trigger a graceful or automatic shutdown of running VMs during a KMS outage - already-powered-on VMs continue running normally using keys cached in host memory.
• D. vCenter Server does not distribute or cache encryption keys - key distribution is handled exclusively by the KMS, and vCenter only brokers the initial trust relationship between ESXi hosts and the KMS.
• E. ESXi hosts do not share encryption keys with peer hosts in the cluster - each host independently retrieves its own keys from the KMS, so a KMS outage affects any host that needs to obtain new keys.

Concept tested. VM encryption behavior during KMS outage

No community discussion yet for this question.