nerdexam
(ISC)2

CISSP · Question #755

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

The correct answer is B. opportunity to sniff network traffic exists.. Running SAN storage communications over TCP/IP (iSCSI) introduces standard network-layer security risks, most notably the ability to passively intercept unencrypted storage traffic.

Submitted by mateo_ar· Mar 5, 2026Communication and Network Security

Question

By allowing storage communications to run on top of Transmission Control Protocol/Internet Protocol (TCP/IP) with a Storage Area Network (SAN), the

Options

  • Aconfidentiality of the traffic is protected.
  • Bopportunity to sniff network traffic exists.
  • Copportunity for device identity spoofing is eliminated.
  • Dstorage devices are protected against availability attacks.

How the community answered

(45 responses)
  • A
    4% (2)
  • B
    84% (38)
  • C
    9% (4)
  • D
    2% (1)

Why each option

Running SAN storage communications over TCP/IP (iSCSI) introduces standard network-layer security risks, most notably the ability to passively intercept unencrypted storage traffic.

Aconfidentiality of the traffic is protected.

Running storage communications over TCP/IP does not inherently protect confidentiality; without additional encryption mechanisms like IPsec, the traffic is transmitted in cleartext and is vulnerable to interception.

Bopportunity to sniff network traffic exists.Correct

When SAN traffic travels over standard TCP/IP networks using protocols like iSCSI, it is subject to the same passive interception risks as any other IP-based traffic. Without encryption (such as IPsec or TLS), an attacker with access to the network path can use a packet sniffer to capture raw storage I/O data, including sensitive file contents and credentials, because the traffic is not inherently confidential at the transport layer.

Copportunity for device identity spoofing is eliminated.

TCP/IP-based SANs are actually more susceptible to identity spoofing attacks (such as iSCSI initiator name spoofing) compared to Fibre Channel SANs that use WWN zoning, so the opportunity for spoofing is not eliminated.

Dstorage devices are protected against availability attacks.

Placing storage communications on TCP/IP networks exposes storage devices to network-based availability attacks such as Denial of Service (DoS), meaning availability protection is not provided and may in fact be reduced compared to isolated SAN fabrics.

Concept tested: IP-based SAN security risks and vulnerabilities

Source: https://csrc.nist.gov/publications/detail/sp/800-209/final

Topics

#Storage Area Network (SAN)#TCP/IP security#Network sniffing#Data-in-transit security

Community Discussion

No community discussion yet for this question.

Full CISSP Practice