Essential Storage & SAN Security Interview Questions

Storage Fundamentals & Access Control

What is LUN masking? LUN (Logical Unit Number) Masking is an authorization process that makes a LUN available to specific hosts while hiding it from others.

  • Implementation: Primarily at the HBA (Host Bus Adapter) level, though some storage controllers also support it.
  • Risk: Masking at the HBA level is vulnerable if the HBA is compromised.
  • Importance: Crucial for Windows environments; Windows servers often try to write volume labels to every available LUN, which can corrupt data on LUNs intended for other operating systems.

What is SAN zoning? SAN zoning is the method of arranging Fibre Channel devices into logical groups within the physical fabric. It is used to compartmentalize data for security and performance. A single device can belong to multiple zones.

What are the differences between Hard and Soft Zoning?

  • Hard Zoning: Implemented in hardware. It physically blocks access to a zone from any device outside of it.
  • Soft Zoning: Implemented in software via the fabric name server. It prevents ports from being “seen” by unauthorized devices. However, it is less secure because ports may still be accessible if an attacker correctly guesses the Fibre Channel address.

Port Zoning vs. WWN Zoning

  • Port Zoning: Uses physical switch ports to define zones. It is secure but rigid; moving a cable requires a configuration update.
  • WWN Zoning: Uses World Wide Names (64-bit unique addresses). It is flexible (you can recable without reconfiguring), but it is susceptible to WWN spoofing.
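To show how zoning and LUN masking combine to decide what a host can actually reach, here is an added example (written for this page, not code from the original post) that models a WWN-zoned fabric plus a masking table and audits it for the Windows volume-label risk described above. The WWNs are constructed, and the single-initiator-zone check is an assumed hardening baseline rather than something the text states.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Host:
    name: str
    wwn: str  # World Wide Name presented by the host's HBA
    os: str   # "windows" or "linux"; drives the cross-OS exposure check

@dataclass(frozen=True)
class Zone:
    name: str
    members: frozenset  # WWN zoning: members are WWNs, not switch ports

def shares_zone(host_wwn, target_wwn, zones):
    """Fabric-level check: does zoning let the host see the target at all?"""
    return any(host_wwn in z.members and target_wwn in z.members for z in zones)

def visible_luns(host, target_wwn, zones, masking):
    """LUNs the host can reach: zoning must allow the path AND the masking
    table (LUN id -> allowed host WWNs) must list the host's WWN."""
    if not shares_zone(host.wwn, target_wwn, zones):
        return set()
    return {lun for lun, allowed in masking.items() if host.wwn in allowed}

def audit(hosts, target_wwn, zones, masking, intended_os):
    """cross-os: LUN visible to a host whose OS differs from the one it was
    provisioned for (the Windows volume-label corruption case).
    multi-initiator: zone holds >1 host; single-initiator zoning is the usual
    hardening baseline (assumption, not from the page)."""
    findings = []
    initiator_wwns = {h.wwn for h in hosts}
    for h in hosts:
        for lun in sorted(visible_luns(h, target_wwn, zones, masking)):
            if intended_os[lun] != h.os:
                findings.append(("cross-os", h.name, lun))
    for z in zones:
        if len(z.members & initiator_wwns) > 1:
            findings.append(("multi-initiator", z.name, None))
    return findings

# Constructed sample fabric; the WWNs are made up, not real devices
HOSTS = [Host("win01", "10:00:00:00:c9:aa:00:01", "windows"),
         Host("db01", "10:00:00:00:c9:aa:00:02", "linux")]
TARGET = "50:06:01:60:ff:00:00:01"
ZONES = [Zone("z_all", frozenset({HOSTS[0].wwn, HOSTS[1].wwn, TARGET}))]
MASKING = {0: {HOSTS[0].wwn}, 1: {HOSTS[1].wwn}, 2: {HOSTS[0].wwn, HOSTS[1].wwn}}
INTENDED_OS = {0: "windows", 1: "linux", 2: "linux"}

def run_sample():
    return audit(HOSTS, TARGET, ZONES, MASKING, INTENDED_OS)
```

Running `run_sample()` flags LUN 2 as exposed to the Windows host and the single all-hosts zone as multi-initiator; removing the target from every zone makes `visible_luns` return nothing regardless of the masking table.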

SAN Security & Attack Vectors

Common Attack Classes against SANs:

  1. Snooping: Unauthorized reading of private data.
  2. Spoofing: Impersonating a legitimate node to gain access or destroy data.
  3. Denial of Service (DoS): Flooding the fabric to reduce availability.

Fibre Channel Security Protocols:

  • FC-SP (Fibre Channel Security Protocol): A framework for authentication and cryptographically secure communication. It protects data in transit, not data at rest.
  • DH-CHAP: A secure key-exchange protocol (Diffie-Hellman Challenge Handshake Authentication Protocol) for switch-to-switch and host-to-switch authentication.
  • FCAP & FCPAP: Optional authentication mechanisms using certificates (FCAP) or passwords (FCPAP).

How are iSCSI and FCIP secured over IP? Per RFC 3723, block storage protocols transported over IP are secured using standard IPsec and IKE (Internet Key Exchange) protocols to provide authentication and data confidentiality.

I’ve organized these Q&A into logical categories: General Concepts, Hardware, Networking, Software-Defined/Cloud, and Backup/DR.

🏗️ Part 1: General Storage Concepts & RAID

  1. What is RAID? Redundant Array of Independent Disks; a way to combine multiple physical disks into a single logical unit for redundancy or performance.
  2. What is the difference between Hot and Cold Storage? Hot storage is for frequently accessed data (high performance, high cost); Cold is for archival data (low performance, low cost).
  3. What is RAID 0? Striping. It provides high performance but zero redundancy. If one disk fails, all data is lost.
  4. What is RAID 1? Mirroring. Data is written identically to two disks. High redundancy, but you lose 50% of your total capacity.
  5. What is RAID 5? Striping with distributed parity. Requires at least 3 disks. It can survive a single disk failure.
  6. What is RAID 6? Striping with double parity. Requires at least 4 disks. It can survive two simultaneous disk failures.
  7. What is RAID 10? A stripe of mirrors (1+0). Combines the speed of RAID 0 with the redundancy of RAID 1.
  8. What is a Hot Spare? An idle drive in an array that automatically replaces a failed drive to begin an immediate rebuild.
  9. What is IOPS? Input/Output Operations Per Second; a key performance metric for storage.
  10. What is Throughput? The amount of data transferred over time, usually measured in MB/s or GB/s.
  11. What is Latency? The time delay between a data request and the start of the data transfer.
  12. What is Throttling? Intentionally slowing down I/O to prevent a single application from consuming all resources.
  13. What is Striping? Breaking data into blocks and spreading them across multiple disks to increase speed.
  14. What is Mirroring? Creating an exact copy of data on another disk.
  15. What is Parity? A mathematical calculation used in RAID (like RAID 5/6) to reconstruct data if a drive fails.
  16. What is the “Write Hole” in RAID? A corruption scenario where a power failure occurs mid-write, leaving data and parity out of sync.
  17. What is JBOD? “Just a Bunch Of Disks”; disks are used individually or spanned without RAID protection.
  18. What is Thin Provisioning? Allocating storage on-demand rather than reserving the full capacity upfront.
  19. What is Thick Provisioning? Reserving the entire amount of storage space on the physical disk at the time of creation.
  20. What is a LUN? A Logical Unit Number used to identify a slice of storage presented to a host.

🔌 Part 2: Connectivity & Networking (SAN/NAS)

  1. What is the difference between SAN and NAS? SAN is block-level (Fibre Channel/iSCSI); NAS is file-level (NFS/SMB).
  2. What is iSCSI? Internet Small Computer System Interface; carries SCSI commands over IP networks.
  3. What is an IQN? iSCSI Qualified Name; a unique identifier for iSCSI initiators and targets.
  4. What is a Target? The storage resource (the “server” side of a storage connection).
  5. What is an Initiator? The host/server that consumes the storage (the “client” side).
  6. What is Fibre Channel (FC)? A high-speed network technology used primarily for SANs.
  7. What is FCoE? Fibre Channel over Ethernet; encapsulates FC frames into Ethernet packets.
  8. What is Multi-pathing? Using multiple physical paths between a server and storage to provide redundancy and load balancing.
  9. What is an HBA? Host Bus Adapter; a circuit board/adapter that connects a host to a storage network.
  10. What is a Fabric? A network of switches, hubs, and devices connected via Fibre Channel.
  11. What is an N_Port? A Node Port used to connect a host or storage device to the fabric.
  12. What is an F_Port? A Fabric Port on a switch that connects to an N_Port.
  13. What is an E_Port? An Expansion Port used to connect two switches (Inter-Switch Link).
  14. What is ISL? Inter-Switch Link; a connection between two SAN switches.
  15. What is Oversubscription? Assigning more logical storage to hosts than is physically available (common in thin provisioning).
  16. What is SMB/CIFS? Server Message Block; a file-sharing protocol primarily used by Windows.
  17. What is NFS? Network File System; a file-sharing protocol primarily used by Linux/Unix.
  18. What is an Alias in SAN zoning? A user-friendly name given to a WWN to make management easier.
  19. What is a Zone Set? A collection of zones that are activated together on a fabric.
  20. What are Jumbo Frames? Ethernet frames with more than 1500 bytes of payload (usually 9000), used to improve iSCSI performance.

💾 Part 3: Hardware (SSD, HDD, NVMe)

  1. What is an SSD? Solid State Drive; uses flash memory with no moving parts.
  2. What is an HDD? Hard Disk Drive; uses rotating magnetic platters.
  3. What is NVMe? Non-Volatile Memory Express; a high-performance protocol designed specifically for SSDs.
  4. What is NVMe-oF? NVMe over Fabrics; extending NVMe performance across a network (FC or TCP).
  5. What is SLC? Single-Level Cell flash; 1 bit per cell. Fastest and most durable.
  6. What is MLC? Multi-Level Cell flash; 2 bits per cell.
  7. What is TLC? Triple-Level Cell flash; 3 bits per cell. Common in enterprise storage.
  8. What is QLC? Quad-Level Cell flash; 4 bits per cell. High density, lower endurance.
  9. What is Wear Leveling? A technique to ensure data is written evenly across all flash cells to extend SSD life.
  10. What is Over-provisioning in SSDs? Reserving extra flash capacity to improve controller performance and endurance.
  11. What is a SAS drive? Serial Attached SCSI; enterprise-grade drives known for reliability.
  12. What is a SATA drive? Serial ATA; consumer-grade drives used for bulk high-capacity storage.
  13. What is an M.2 drive? A small form factor for SSDs, commonly used for boot drives.
  14. What is “Tiering”? Automatically moving data between different types of disks (e.g., SSD for “hot” data, HDD for “cold”).
  15. What is Caching? Using a small amount of fast storage (RAM or SSD) to temporarily hold data for faster access.
  16. What is Write-Back Cache? Data is written to cache and acknowledged to the host immediately, then written to disk later.
  17. What is Write-Through Cache? Data is written to the disk and cache simultaneously before acknowledging to the host.
  18. What is a Battery Backed Module (BBM)? Protects data in the controller cache during a power failure.
  19. What is DWPD? Drive Writes Per Day; a measurement of an SSD’s endurance.
  20. What is MTBF? Mean Time Between Failures; a statistical estimate of a drive’s reliability.

☁️ Part 4: Modern Tech (SDS, Cloud, Object)

  1. What is SDS? Software-Defined Storage; storage software that is independent of the hardware it runs on.
  2. What is Object Storage? Storage that manages data as objects with metadata (e.g., Amazon S3).
  3. What is a Bucket? A logical container for objects in Object Storage.
  4. What is Metadata? Data about data (e.g., creation date, file type, custom tags).
  5. What is a Flat Namespace? Used in object storage; unlike hierarchical folders, all objects exist at the same level.
  6. What is Hyperconverged Infrastructure (HCI)? Combines compute, storage, and networking into a single software-defined node (e.g., Nutanix, vSAN).
  7. What is Unified Storage? A system that supports both Block (SAN) and File (NAS) protocols.
  8. What is Data Deduplication? Removing redundant copies of data to save space.
  9. What is Compression? Reducing the size of data by removing repetitive patterns.
  10. What is an “All-Flash Array” (AFA)? A storage system that only contains SSDs.
  11. What is Hybrid Storage? A system that mixes SSDs and HDDs.
  12. What is REST API in storage? An interface used to manage storage programmatically (common in cloud/SDS).
  13. What is Data Immutability? Data that cannot be modified or deleted once written (key for Ransomware protection).
  14. What is WORM? Write Once, Read Many; a type of immutable storage.
  15. What is S3? Simple Storage Service; the industry-standard protocol for object storage created by AWS.
  16. What is Data Sovereignty? The concept that data is subject to the laws of the country where it is physically stored.
  17. What is Cold Tiering? Automatically moving aged data from expensive cloud storage to cheaper archive tiers (e.g., S3 Glacier).
  18. What is a Storage Gateway? A device that connects on-premises apps to cloud storage.
  19. What are “Egress Fees”? Costs charged by cloud providers for moving data out of their network.
  20. What is Scale-Out Storage? Adding performance and capacity by adding more nodes to a cluster.

🛡️ Part 5: Backup, Recovery & Management

  1. What is a Snapshot? A point-in-time “picture” of a LUN or file system.
  2. What is a Clone? A full, independent copy of a volume or LUN.
  3. What is Replication? Copying data from one storage array to another (local or remote).
  4. What is Synchronous Replication? Data is written to both sites simultaneously (zero data loss, but limited by distance).
  5. What is Asynchronous Replication? Data is written to the primary site and then copied to the secondary site after a delay.
  6. What is RPO? Recovery Point Objective; the maximum amount of data loss acceptable (measured in time).
  7. What is RTO? Recovery Time Objective; the maximum time allowed to restore service after a failure.
  8. What is an Incremental Backup? Backs up only the data that has changed since the last backup of any type.
  9. What is a Differential Backup? Backs up data that has changed since the last full backup.
  10. What is an “Air Gap”? A security measure where a backup copy is physically or logically disconnected from the network.
  11. What is Disaster Recovery (DR)? A plan for restoring IT infrastructure after a major failure or catastrophe.
  12. What is Business Continuity? The broader plan to keep a business running during a disaster.
  13. What is a Quorum Disk? A disk used in clusters to maintain configuration info and help decide which nodes are active.
  14. What is Data Scrubbing? An automated background process that checks for and repairs “bit rot” or silent data corruption.
  15. What is “Bit Rot”? The slow deterioration of data on storage media over time.
  16. What is a Consistency Group? A collection of LUNs that are snapshotted or replicated at the exact same moment to ensure write-order consistency.
  17. What is Redirect-on-Write (RoW)? A snapshot method where new writes are sent to a new location, leaving the original data as the snapshot.
  18. What is Copy-on-Write (CoW)? A snapshot method where original data is copied to a snapshot reserve before being overwritten.
  19. What is the 3-2-1 Backup Rule? 3 copies of data, on 2 different media, with 1 copy off-site.
  20. What is a Storage Controller? The “brain” of the storage array that manages I/O, RAID, and features like deduplication.