Which two statements are true about VM encryption when the KMS is not available?

An administrator is using virtual machine encryption in their vSphere 6.5 environment. The Key Management Server (KMS) has experienced a critical failure.
Which two statements are true about VM encryption when the KMS is not available? (Choose two.)
A. VMs will shut down gracefully in the event of a KMS outage as a proactive measure to prevent data theft.
B. VMs which were running at the time of the KMS failure will continue to run.
C. If an ESXi host is rebooted, it will be unable to power on encrypted VMs until KMS connectivity is restored.
D. vCenter Server will continue to distribute encryption keys as long as it is not rebooted while the KMS is unreachable.
E. ESXi hosts within the same cluster will share keys with one another while the KMS is unreachable.


2 thoughts on “Which two statements are true about VM encryption when the KMS is not available?”

  1. B,C
    The keys are stored in ESXi and all the VMs can continue to encrypt!
    If an ESXi host is rebooted, the VMs are unable to encrypt the disk because the ESXi cache has been erased.

  2. If the KMS is not available, virtual machine operations that require that vCenter Server request the key from the KMS are not possible. That means running virtual machines continue to run, and you can power on, power off, and reconfigure those virtual machines. However, you cannot relocate the virtual machine to a host that does not have the key information.
    https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-B3DA9865-A28F-4EFD-ACF4-CBC8813ED110.html
