Prepare for the Nutanix Certified Associate Exam with tailored resources, including multiple choice questions and detailed explanations. Hone your skills and master the exam content for success!

Where should a third-party key management server be hosted when configuring Data-at-Rest Encryption for a Nutanix cluster?

  1. As a VM on the Nutanix cluster

  2. On external hardware

  3. As a clustered VM within the cluster

  4. On the Prism leader CVM host

The correct answer is: On external hardware

Hosting a third-party key management server on external hardware ensures that it operates independently of the Nutanix cluster itself. This configuration is essential for maintaining the integrity and security of the encryption keys used for Data-at-Rest Encryption. By keeping the key management server external, you can mitigate risks associated with potential cluster vulnerabilities, such as unauthorized access or data breaches.

Additionally, an external setup allows for better management and redundancy, as key management services can be configured to operate across multiple environments and be integrated with other applications or services outside of Nutanix. This practice adheres to common security principles, which advocate for the separation of duties and the isolation of sensitive components from the systems they protect.

The options that suggest hosting the key management server as a VM on the Nutanix cluster, as a clustered VM within the cluster, or on the Prism leader CVM host could create dependencies that pose risks. If the Nutanix environment faced issues or was compromised, the key management service could also be affected, presenting a higher chance of losing access to the encrypted data. Thus, hosting the server externally aligns with best practices for security and data protection.