Two characteristics of vSAN Data-At-Rest Encryption (DARE) are that it is software defined and works independently of the cache or capacity drives installed on the nodes, and that it continues to operate unaffected during vCenter Server downtime.

DARE encrypts all data stored on vSAN disks with AES-256 in XTS mode. It does not require Self-Encrypting Drives (SEDs): the encryption is performed in software on the ESXi hosts, using a Key Encryption Key (KEK) supplied by an external Key Management Server (KMS) or a vSphere Native Key Provider, which wraps the per-disk Data Encryption Keys (DEKs) that the hosts generate. Because it is implemented in software, DARE also does not depend on the type or size of the disks in the cluster, and it is applied after all other data processing, such as deduplication and compression, so space efficiency is preserved.

DARE keeps functioning when vCenter Server is offline or unavailable. The management plane is needed only to enable encryption, to rotate keys (rekey) and, without key persistence, to obtain the KEK when a host boots; once a host holds the KEK it keeps it in memory and performs all encryption and decryption locally, so hosts that already have their keys keep serving encrypted I/O through the outage. With key persistence (vSphere 7.0 Update 2 and later, which requires a TPM 2.0 on the host), the KEK is additionally sealed in the host's TPM, so the host can reboot and unlock its disks without contacting the KMS or vCenter Server.

The other options are not correct, as they do not describe DARE accurately. DARE does not need to be enabled together with vSAN Data-In-Transit encryption; they are independent features that can be enabled or disabled separately. Data-In-Transit encryption protects traffic between hosts in a vSAN cluster with symmetric AES-256 keys that the hosts generate and exchange among themselves; it needs neither the KMS nor SSL certificates. DARE is supported on Stretched Cluster environments: each host encrypts its own local disks with the cluster's keys, so the encryption does not depend on which site an object's components are placed in.
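The key hierarchy and outage behaviour described above, as an added toy model for illustration only. This is not VMware code, and it does not reproduce vSAN's real on-disk header, tweak derivation or KMS protocol; it assumes the third-party cryptography package, and the class names KeyServer, EncryptedDisk and Host are hypothetical. It shows a KMS-issued KEK wrapping a locally generated DEK, AES-256-XTS producing different ciphertext for identical data in different sectors, a host continuing to serve I/O from its cached KEK while the KMS is unreachable, a reboot during that outage leaving the disks locked unless the KEK is persisted, and a host holding another cluster's KEK failing to unwrap the DEK.

```python
"""Toy model of a DARE-style key hierarchy (added example, not VMware code): a KMS-issued
KEK wraps per-disk DEKs, sectors are encrypted with AES-256-XTS, and hosts keep serving
I/O while the KMS or vCenter is unreachable. Names and key formats are illustrative."""
import os
from cryptography.hazmat.primitives import keywrap
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR = 512  # XTS encrypts whole sectors; the sector number serves as the tweak

class KeyServer:
    """Stands in for the external KMS or Native Key Provider: one KEK per cluster."""
    def __init__(self):
        self._keks, self.online = {}, True
    def get_kek(self, cluster_id):
        if not self.online:
            raise ConnectionError("KMS unreachable")
        return self._keks.setdefault(cluster_id, os.urandom(32))

class EncryptedDisk:
    """Cache or capacity device: its DEK is generated locally and kept in the disk
    header wrapped (RFC 3394 AES key wrap) under the cluster KEK."""
    def __init__(self, kek, n_sectors=8):
        dek = os.urandom(64)  # AES-256-XTS takes two 256-bit keys
        self.wrapped_dek = keywrap.aes_key_wrap(kek, dek)
        self.sectors = [bytes(SECTOR)] * n_sectors
    @staticmethod
    def _cipher(dek, sector_no):
        return Cipher(algorithms.AES(dek), modes.XTS(sector_no.to_bytes(16, "little")))
    def write(self, dek, sector_no, plaintext):
        if len(plaintext) != SECTOR:
            raise ValueError("whole sectors only")
        enc = self._cipher(dek, sector_no).encryptor()
        self.sectors[sector_no] = enc.update(plaintext) + enc.finalize()
    def read(self, dek, sector_no):
        dec = self._cipher(dek, sector_no).decryptor()
        return dec.update(self.sectors[sector_no]) + dec.finalize()

class Host:
    """ESXi host model: caches the KEK in memory; with TPM key persistence the KEK is
    also sealed locally so a reboot needs no KMS round trip."""
    def __init__(self, cluster_id, kms, tpm_persistence=False):
        self.cluster_id, self.kms, self.tpm_persistence = cluster_id, kms, tpm_persistence
        self._kek = None         # in-memory copy, lost on reboot
        self._sealed_kek = None  # stands in for the key sealed in the TPM
    def boot(self):
        if self._sealed_kek is not None:
            self._kek = self._sealed_kek
            return
        self._kek = self.kms.get_kek(self.cluster_id)  # raises while the KMS is down
        if self.tpm_persistence:
            self._sealed_kek = self._kek
    def reboot(self):
        self._kek = None
        self.boot()
    def kek(self):
        if self._kek is None:
            raise RuntimeError("host holds no KEK; its disks stay locked")
        return self._kek
    def unlock(self, disk):
        return keywrap.aes_key_unwrap(self.kek(), disk.wrapped_dek)

def run_scenario():
    """Exercises the behaviours described above and returns the findings as a dict."""
    kms = KeyServer()
    host = Host("cluster-A", kms)
    host.boot()
    disk = EncryptedDisk(host.kek())
    dek = host.unlock(disk)
    plaintext = b"A" * SECTOR  # constructed sample block
    disk.write(dek, 0, plaintext)
    disk.write(dek, 1, plaintext)
    out = {
        "ciphertext_differs_from_plaintext": disk.sectors[0] != plaintext,
        "same_data_distinct_per_sector": disk.sectors[0] != disk.sectors[1],
        "roundtrip": disk.read(dek, 1) == plaintext,
    }
    kms.online = False  # KMS/vCenter outage: the cached KEK keeps I/O going
    out["io_during_outage"] = disk.read(host.unlock(disk), 0) == plaintext
    try:  # a reboot during the outage without key persistence leaves the disks locked
        host.reboot()
        out["reboot_without_persistence"] = "unlocked"
    except ConnectionError:
        out["reboot_without_persistence"] = "locked"
    kms.online = True
    tpm_host = Host("cluster-A", kms, tpm_persistence=True)
    tpm_host.boot()
    kms.online = False
    tpm_host.reboot()  # KEK comes from the TPM, no KMS needed
    out["reboot_with_persistence"] = tpm_host.unlock(disk) == dek
    other = Host("cluster-B", KeyServer())  # another cluster's KEK cannot unwrap this DEK
    other.boot()
    try:
        other.unlock(disk)
        out["foreign_kek_rejected"] = False
    except keywrap.InvalidUnwrap:
        out["foreign_kek_rejected"] = True
    return out

if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The two outcomes worth noting are the reboot cases: a host without persistence that reboots while the key provider is unreachable cannot unwrap any DEK and its disks stay locked, whereas the TPM-backed host comes back without a key-provider round trip. In a real cluster the KEK is delivered through vCenter's KMS configuration or Native Key Provider rather than by direct calls as modelled here, and the tweak and header layout are vSAN internals this model does not claim to match.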