An administrator manages a Nutanix cluster hosting a mixed workload environment, including general-purpose VMs and...

Nutanix supports storage policy–based encryption in Prism Central, which is exactly the right mechanism when only a subset of workloads needs encryption. Nutanix documentation explains that in addition to cluster-level encryption, administrators can configure storage policies to encrypt data at rest and apply those policies selectively. Since the PCI-DSS workloads are already logically groupable by category, the proper design is to create a storage policy with encryption enabled and then associate it with the category assigned to those VMs. That makes C correct. ( portal.nutanix.com , portal.nutanix.com , portal.nutanix.com )

Cluster-level encryption would encrypt too much, which violates the requirement to leave general-purpose VMs unencrypted. Guest OS BitLocker is a separate operating-system control, not the Nutanix platform answer being tested here. Container-centric thinking is older and less flexible than policy-based encryption. Nutanix’s policy model is the authentic platform-aligned solution for category-scoped encryption using an external KMS.