An architect is reviewing the security and compliance requirements for a new application that will be hosted on a vSphere 8 environment.

The following information has been noted about the new application:

The application stores and processes confidential data

The supporting virtual infrastructure is shared with other departments

No other application stores or processes confidential data

The application virtual machines must be able to run on any ESXi host in the cluster

The storage layer is a iSCSI attached SAN

Data at Rest Encryption is in place for each presented LUN validated to FIPS 140-2

No budget is available for additional infrastructure components or software

Application data must not be accessible outside of the application's virtual machines

The architect has been tasked with providing a secure virtual machine design to host the application.

Which three design elements must the architect include to meet the requirements? (Choose three.)