Which of the following methods can be used to secure access to iSCSI storage when using ESX server? (Choose Two.)
A.
Enable CHAP authentication
B.
Disable promiscuous mode for the virtual switch containing the VMkernel port used for iSCSI
C.
Enable encryption on iSCSI initiator by selecting the iSCSI encrypt option
D.
Place virtual machines and the VMkernel port used for iSCSI on separate virtual switches
Explanation:
iSCSI SAN Configuration Guide ESX 4.0 ESXi 4.0 vCenter Server 4.0, page 37.Because the IP networks that the iSCSI technology uses to connect to remote targets do not protect the data they transport, you must ensure security of the connection. iSCSI requires that all devices on the network implement Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators that access targets on the network, (A).
By placing virtual machines and the VMkernel port used for iSCSI on separate virtual switches you could prevent VMs accessing the iSCSI initiator, (D).