Exam 3V0-21.23 topic 1 question 26 discussion

An architect is reviewing the security and compliance requirements for a new application that will be hosted on a vSphere 8 environment.
The following information has been noted about the new application:
The application stores and processes confidential data
The supporting virtual infrastructure is shared with other departments
No other application stores or processes confidential data
The application virtual machines must be able to run on any ESXi host in the cluster
The storage layer is a iSCSI attached SAN
Data at Rest Encryption is in place for each presented LUN validated to FIPS 140-2
No budget is available for additional infrastructure components or software
Application data must not be accessible outside of the application's virtual machines
The architect has been tasked with providing a secure virtual machine design to host the application.
Which three design elements must the architect include to meet the requirements? (Choose three.)