Q: 17
An administrator attempted to enable Data-in-Transit Encryption on a Scale-Out Prism Central cluster
to encrypt service-level traffic between nodes. However, the feature did not work correctly due to a
firewall restriction.
Which CVM-specific port should be allowed through the firewall for Data-in-Transit Encryption?
Options
Discussion
Option A
A tbh
C, I'd go with 2020 since that's sometimes used for secure comms in other contexts, though I might be mixing it up. Anyone else seen this port referenced for DiTE on Prism Central?
I don’t think C fits here, A is the port for Prism Central KMS cluster traffic when enabling Data-in-Transit Encryption. The other ports have different roles. Pretty sure from Nutanix docs, but open to correction if I missed something.
Nah, not D: 9440 is only for Prism UI/API. For Data-in-Transit Encryption on Scale-Out Prism Central, it's A since port 2009 is used by KMS communication between CVMs. Easy to get tricked by the others because they look familiar, but only 2009 fits here. Pretty sure that's spot on, but let me know if you see otherwise.
A
A here. Port 2009 is what Prism Central uses for the KMS cluster traffic needed for Data-in-Transit Encryption. Other ports don’t relate directly to DiTE in this context. Pretty sure unless Nutanix updates change it, let me know if I missed something.
D, but think it's a trap. Port 9440 is for Prism UI/API, not for Data-in-Transit Encryption specifically. A is correct for Scale-Out Prism Central based on what I've seen, but double-check your environment docs if unsure.
Seen an exactly similar question in my exam, it's A.
A imo. 2020 looks tempting as it's used elsewhere, but for Prism Central Data-in-Transit Encryption, port 2009 is what the KMS cluster/zookeeper uses between nodes. Saw this in practice questions too. If anyone has a different lab result let me know.