Exam CCSP topic 1 question 71 discussion

iSCSI provides methods for data transport and block-level access to storage.

iSCSI (Internet Small Computer Systems Interface) does not natively include encryption for securing data in transit. Instead, encryption must be provided by an external protocol or application, such as: IPsec (Internet Protocol Security): For securing data at the network layer. TLS (Transport Layer Security): For securing application-layer communication. Without encryption, iSCSI traffic is vulnerable to interception and eavesdropping, making external encryption essential for secure deployments in cloud environments.

It's 100% D. Encryption: iSCSI does not provide built-in encryption for data in transit. To secure the data being transmitted, encryption must be handled by external protocols or applications, such as IPsec (Internet Protocol Security) or TLS (Transport Layer Security). These protocols can encrypt the data packets, ensuring confidentiality and integrity during transmission.

Authentication. When using iSCSI in a cloud environment, authentication must be handled by an external protocol or application to ensure secure connections.

B. Use CHAP (Challenge Handshake Authentication Protocol) to ensure each host has its own password.

Data Encryption: the data exchanged between the iSCSI initiator and iSCSI target is not encrypted, which is why an attacker who is able to sniff the data of the wire will also be able to reconstruct the data, or more precisely, the files and directories transferred between the two parties. Additionally, an attacker might also be able to inject his own data into the traffic, thus creating/modifying/deleting arbitrary files on the iSCSI target. To mitigate the risk, the IPsec ought to be used to properly encrypt the communication between the iSCSI endpoints. https://resources.infosecinstitute.com/topics/cloud/iscsi-security-considerations-cloud/

D. Encryption