Which is the most secure method of connecting to an iSCSI storage array using an independent hardware iSCSI adapter?
A. One-way CHAP
B. Mutual CHAP
C. Per-target CHAP
D. Per-subnet CHAP
5 Comments on “Which is the most secure method of connecting to an iSCSI storage array using an independent hardware iSCSI ad”
Doesays:
One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.
“ESXi also supports per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.”
0
0
Bozosays:
For software and dependent hardware iSCSI adapters, you can set unidirectional CHAP and bidirectional CHAP for each adapter or at the target level. Independent hardware iSCSI supports CHAP only at the adapter level.
The answer is… time is over. The average test is about one question per minute. So you cannot think when you are doing the vmware freak quiz certification test.
You must memorize all this crazy stuff and pray for they dont change the test version.
0
0
Edsays:
A is correct as C allow No Chap, if the target does not support CHAP. Therefore, the most secure is One-way Chap. Won’t connect without Chap Authentication.
One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.
Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.
http://pubs.vmware.com/vsphere-50/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc_50%2FGUID-3F97FB05-3C92-4040-84E7-D928555B3808.html
0
0
Why not C?
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.storage.doc%2FGUID-AC65D747-728F-4109-96DD-49B433E2F266.html
“ESXi also supports per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.”
0
0
For software and dependent hardware iSCSI adapters, you can set unidirectional CHAP and bidirectional CHAP for each adapter or at the target level. Independent hardware iSCSI supports CHAP only at the adapter level.
The answer is… time is over. The average test is about one question per minute. So you cannot think when you are doing the vmware freak quiz certification test.
You must memorize all this crazy stuff and pray for they dont change the test version.
0
0
A is correct as C allow No Chap, if the target does not support CHAP. Therefore, the most secure is One-way Chap. Won’t connect without Chap Authentication.
http://pubs.vmware.com/vsphere-51/index.jsp?topic=%2Fcom.vmware.vsphere.install.doc%2FGUID-7C9A1E23-7FCD-4295-9CB1-C932F2423C63.html#com.vmware.vsphere.storage.doc/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html?resultof=%2522%2569%256e%2564%2565%2570%2565%256e%2564%2565%256e%2574%2522%2520%2522%2569%256e%2564%2565%2570%2565%256e%2564%2522%2520%2522%2568%2561%2572%2564%2577%2561%2572%2565%2522%2520%2522%2568%2561%2572%2564%2577%2561%2572%2522%2520%2522%2563%2568%2561%2570%2522%2520
0
0
Bozo – awesome perspective!
0
0