To study for VMware HCI Master Specialist Exam | vSAN认证考试题目学习
67. A capacity upgrade to a production vSAN 7.0 U1 cluster will provide an administrator with a number of SSD storage devices that can be reused in the development vSAN Cluster.
The company security policy mandates the following:
• All data must be encrypted-at-rest.
• All data on all drives must be securely erased before being removed and reused.
Which two steps should the administrator take to ensure that all data on the storage devices is securely erased? (Choose two.)
- A. When putting the node in maintenance mode, choose the Ensure data accessibility option.
- B. Run the Start-VsanWipeDisk PowerCLI command.
- C. Turn off vSAN Encryption on the vSAN Cluster.
- D. When putting the nodes in maintenance mode, choose the Evacuate all data option.
- E. When putting the node in maintenance mode, choose the No data evacuation option.
Explaination:
To securely erase all data on the storage devices in a vSAN cluster, while adhering to the company’s security policy of encrypting all data at rest and ensuring all data on drives is securely erased before reuse, the administrator should consider the following steps:
- Evacuate all data option when putting the nodes in maintenance mode (Option D): This step is crucial for ensuring that all data is moved off the SSDs before they are removed from the production vSAN cluster. Choosing the “Evacuate all data” option ensures that no data remains on the disks, which aligns with the security policy of not leaving any data on drives that are to be reused.
- Run the Start-VsanWipeDisk PowerCLI command (Option B): After the data evacuation, using the
Start-VsanWipeDiskPowerCLI command will securely erase all data on the disks. This step is in compliance with the company policy that mandates secure erasure of all data on drives before they are removed and reused. This command is specifically designed to wipe all data from the disks in a vSAN cluster, ensuring that no recoverable data is left on the drives.
The other options are less suitable:
- Ensure data accessibility option when putting the node in maintenance mode (Option A): This option would not evacuate all data from the storage devices, which is necessary for secure data erasure.
- Turn off vSAN Encryption on the vSAN Cluster (Option C): Disabling encryption does not contribute to the secure erasure of data. It’s important to maintain encryption until the data is securely wiped to comply with the encryption-at-rest policy.
- No data evacuation option when putting the node in maintenance mode (Option E): This option would leave data on the drives, which contradicts the requirement to securely erase all data before reuse.
Therefore, the most appropriate steps to take are Options D (Evacuate all data) and B (Run the Start-VsanWipeDisk PowerCLI command).
对于生产 vSAN 7.0 U1 集群的容量扩充,管理员将获得多个可在开发 vSAN 集群中重复使用的 SSD 存储设备。公司安全策略规定如下:
- 所有数据必须在静止时加密。
- 在拆卸和重复使用所有驱动器上的所有数据之前,必须进行安全擦除。
管理员应采取哪两个步骤来确保存储设备上的所有数据被安全擦除?(选择两个。)
- A. 将节点置于维护模式时,选择“确保数据可访问性”选项。
- B. 运行 Start-VsanWipeDisk PowerCLI 命令。
- C. 关闭 vSAN 集群的 vSAN 加密。
- D. 将节点置于维护模式时,选择“疏散所有数据”选项。
- E. 将节点置于维护模式时,选择“不疏散数据”选项。
解释:
为了在遵守公司的安全政策(在静止时加密所有数据并在重复使用前确保所有驱动器上的数据被安全擦除)的同时,安全擦除 vSAN 集群中存储设备上的所有数据,管理员应考虑以下步骤:
在将节点置于维护模式时选择“疏散所有数据”选项(选项 D):这一步对于确保在从生产 vSAN 集群中拆除 SSD 之前,所有数据都被移出是至关重要的。选择“疏散所有数据”选项可以确保磁盘上不留下任何数据,这符合安全政策,不在即将重复使用的驱动器上留下任何数据。
运行 Start-VsanWipeDisk PowerCLI 命令(选项 B):数据疏散后,使用 Start-VsanWipeDisk PowerCLI 命令可以安全擦除磁盘上的所有数据。这一步符合公司要求在拆卸和重复使用前对所有驱动器上的数据进行安全擦除的政策。这个命令专门用于擦除 vSAN 集群中磁盘上的所有数据,确保驱动器上没有可恢复的数据。
其他选项不太合适:
将节点置于维护模式时选择“确保数据可访问性”选项(选项 A):这一选项不会从存储设备中疏散所有数据,这是安全数据擦除所必需的。
关闭 vSAN 集群的 vSAN 加密(选项 C):禁用加密不会有助于数据的安全擦除。在数据安全擦除之前保持加密以符合静止时加密的政策是重要的。
将节点置于维护模式时选择“不疏散数据”选项(选项 E):这一选项会在驱动器上留下数据,这与重复使用前安全擦除所有数据的要求相矛盾。
因此,最合适的步骤是选项 D(疏散所有数据)和 B(运行 Start-VsanWipeDisk PowerCLI 命令)。
