How can you protect data access in transit between clients and ONTAP?

• A. Use plain HTTP without authentication.
• B. Use SMB1 only for encryption.
• C. Rely on disk encryption to protect data in transit.
• D. Use secure management channels (HTTPS/SSH), enable protocol-level encryption (SMB encryption, Kerberos for NFS), and employ network-level protections.

Answer: (D)

Protecting data as it moves between clients and ONTAP requires encryption and authenticated channels throughout the path. Use secure management channels like HTTPS for ONTAP management and SSH for administrative access, so credentials and commands aren’t exposed. For the actual file access paths, turn on protocol-level encryption: SMB encryption on SMB, and Kerberos-based authentication for NFS (which can provide strong authentication and, with proper configuration, encryption for in-transit data). Layer in network protections such as firewalls, segmentation, IPsec, or VPNs to limit exposure and ensure traffic travels over trusted paths. This combination delivers confidentiality, integrity, and proper authentication for data in transit. Relying on plain HTTP provides no encryption, SMB1 is outdated and lacks robust protection, and disk encryption protects only data at rest, not data in transit.