Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapters (Choose Two)?

A.
Mutual CHAP

B.
Per-Subnet CHAP

C.
Per-target CHAP

D.
One-way CHAP

Explanation:
From http://pubs.vmware.com/vsphere-50/index.jsp?topic=/com.vmware.vsphere.storage.doc_50/GUID-3F97FB05-3C92-4040-84E7-D928555B3808.html

ESXi supports the following CHAP authentication methods:

One-way CHAP
In one-way CHAP authentication, also called unidirectional, the target authenticates the initiator, but the initiator does not authenticate the target.

Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.

Show Hint

← Previous question

Next question →

Leave a Reply 6

wafwat

per your explanation wouldn’t A $ D be the correct answers?

Kevin

The answer is A and C

George

Key question is ‘only’, i too though it should be D but then found this in the vSphere Storage guide for esxi 5

Configuring CHAP Parameters for iSCSI Adapters
Because the IP networks that the iSCSI technology uses to connect to remote targets do not protect the data
they transport, you must ensure security of the connection. One of the protocols that iSCSI implements is the
Challenge Handshake Authentication Protocol (CHAP), which verifies the legitimacy of initiators that access
targets on the network.
CHAP uses a three-way handshake algorithm to verify the identity of your host and, if applicable, of the iSCSI
target when the host and target establish a connection. The verification is based on a predefined private value,
or CHAP secret, that the initiator and target share.
ESXi supports CHAP authentication at the adapter level. In this case, all targets receive the same CHAP name
and secret from the iSCSI initiator. For software and dependent hardware iSCSI adapters, ESXi also supports
per-target CHAP authentication, which allows you to configure different credentials for each target to achieve
greater level of security.
Choosing CHAP Authentication Method
ESXi supports one-way CHAP for all types of iSCSI initiators, and mutual CHAP for software and dependent
hardware iSCSI.
Before configuring CHAP, check whether CHAP is enabled at the iSCSI storage system and check the CHAP
authentication method the system supports. If CHAP is enabled, enable it for your initiators, making sure that
the CHAP authentication credentials match the credentials on the iSCSI storage.

kav

so which one is it. The text from Vsphere storage guide confused me even more?
Is it mutual or per target? or both? and it if both then VMWARE are giving us the bum stir on the questions because it does not say choose 2 on the exam just choose 1

karlocehttp://zipskinny.com/index.php?zip=73117&x=32&y=10

A & C are correct. key word is only. as one way chap is supported on both independent and dependent adapters.

per-target CHAP
For software and dependent hardware iSCSI adapters, ESXi also supports
per-target CHAP authentication, which allows you to configure different credentials for each target to achieve greater level of security.

Mutual CHAP
In mutual CHAP authentication, also called bidirectional, an additional level of security enables the initiator to authenticate the target. VMware supports this method for software and dependent hardware iSCSI adapters only.

scar

Below is from VMWare practice test

Question: Which CHAP authentication mechanisms are only available when using software and dependent hardware iSCSI adapters (Choose Two)?
Incorrect response(s):

One-way CHAP
Explanation: One-way CHAP is also available for independent hardware iSCSI adapters