Which two encryption keys does the host use when encrypting virtual machine files?

Which two encryption keys does the host use when encrypting virtual machine files? (Choose two.)
A. Public Key Infrastructure Encryption Key (PKI)
B. Master Encryption Key (MEK)
C. Data Encryption Key (DEK)
D. Key Encryption Key (KEK)

microsoft-exams

2 thoughts on “Which two encryption keys does the host use when encrypting virtual machine files?

  1. DEK is DISK Encryption Key, not DATA

    Two types of keys are used for encryption.

    The ESXi host generates and uses internal keys to encrypt virtual machines and disks. These keys are used as the disk encryption key (DEK) and are XTS-AES-256 keys.

    The key management server (KMS) sends keys to the vCenter Server upon request. These keys are used as the key encryption key (KEK) and are AES-256 keys. vCenter Server stores only the ID of each KEK, but not the key itself.

    https://pubs.vmware.com/vsphere-6-5/index.jsp?topic=%2Fcom.vmware.wssdk.pg.doc%2FPG_VM_Encryption.14.2.html

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.