Exam 2V0-21.19 topic 1 question 106 discussion

Agree B: https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-17568345-E59E-43A8-A811-92F8BE9C7719.html By default, the user with the vCenter Server Administrator role has all privileges. The No cryptography administrator role does not have the following privileges that are required for cryptographic operations. You can assign the No cryptography administrator role to vCenter Server administrators that do not need Cryptographic Operations privileges.

meant B is correct

• D. No Cryptography Administrator role https://docs.vmware.com/en/VMware-vSphere/6.7/com.vmware.vsphere.security.doc/GUID-17568345-E59E-43A8-A811-92F8BE9C7719.html#GUID-17568345-E59E-43A8-A811-92F8BE9C7719 You can assign the No cryptography administrator role to vCenter Server administrators that do not need Cryptographic Operations privileges. To further limit what users can do, you can clone the No cryptography administrator role and create a custom role with only some of the Cryptographic Operations privileges. For example, you can create a role that allows users to encrypt but not to decrypt virtual machines https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-93B962A7-93FA-4E96-B68F-AE66D3D6C663.html No Cryptography Administrator Role Users with the No cryptography administrator role for an object have the same privileges as users with the Administrator role, except for Cryptographic operations privileges. This role allows administrators to designate other administrators that cannot encrypt or decrypt virtual machines or access encrypted data, but that can perform all other administrative tasks.