Listen to this Post

Introduction:
In the CISSP exam, understanding RAID (Redundant Array of Independent Disks) is not about implementation details but about selecting the right level based on context—performance, fault tolerance, disk count, and budget. Candidates often face subtle questions where two RAID levels appear viable, requiring a deep grasp of trade-offs within the CIA triad’s availability pillar.
Learning Objectives:
- Differentiate RAID 0, 1, 5, 6, and 10 by performance, redundancy, and minimum disk requirements.
- Apply a 4-question decision tree to quickly select the optimal RAID level for any scenario.
- Execute Linux and Windows commands to check, configure, and simulate RAID arrays for hands-on reinforcement.
You Should Know:
1. The 4-Question Decision Tree for RAID Selection
The original post’s decision tree boils down to these four questions. Answer them sequentially to eliminate wrong options in the exam.
Question 1: Is data loss acceptable if a single disk fails?
– Yes → RAID 0 (striping, no redundancy).
– No → Proceed to Question 2.
Question 2: Do you need maximum write performance with minimal overhead?
– Yes, and you have 3+ disks → RAID 5 (striping with single parity).
– No, or you need more fault tolerance → Proceed to Question 3.
Question 3: Can you tolerate the loss of two disks simultaneously?
– Yes → RAID 6 (double parity, minimum 4 disks).
– No → Proceed to Question 4.
Question 4: Is rebuilding speed and high I/O critical (e.g., database logs)?
– Yes → RAID 10 (striped mirrors, minimum 4 disks).
– No → RAID 1 (mirroring, 2 disks) or RAID 5 as fallback.
Step‑by‑step guide to using the tree:
- Read the scenario and identify the single most constrained resource (e.g., only 3 disks, need 99.99% uptime).
- Walk through the questions; if two levels survive, the one with higher fault tolerance or lower cost (per the scenario) is usually correct.
- Example: “4 disks, high write workload, tolerate one failure” → RAID 10 over RAID 6 because writes are faster (no parity calculation).
- Linux RAID Commands with `mdadm` – From Inspection to Simulation
Linux systems use `mdadm` (multiple device admin) to manage software RAID. These commands help you verify existing arrays and understand RAID behavior.
Check current RAID status:
cat /proc/mdstat mdadm --detail /dev/md0
Simulate a degraded RAID 5 array (for learning):
Create test loop devices dd if=/dev/zero of=/tmp/disk1.img bs=1M count=100 dd if=/dev/zero of=/tmp/disk2.img bs=1M count=100 dd if=/dev/zero of=/tmp/disk3.img bs=1M count=100 losetup -f /tmp/disk1.img losetup -f /tmp/disk2.img losetup -f /tmp/disk3.img Assemble RAID 5 mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/loop0 /dev/loop1 /dev/loop2 Fail a disk mdadm --manage /dev/md0 --fail /dev/loop0 mdadm --detail /dev/md0 Observe degraded state
Recover and remove failed disk:
mdadm --manage /dev/md0 --remove /dev/loop0 mdadm --manage /dev/md0 --add /dev/loop3 new spare
Step‑by‑step explanation:
– `/proc/mdstat` shows real-time array status (UUU = all healthy, U = missing disk).
– `–create` builds the array; never run on production without backups.
– `–fail` emulates a disk crash; the array remains usable (except RAID 0).
– This exercise replicates the “complex scenario” the CISSP exam uses to test recovery knowledge.
- Windows RAID Management via Diskpart and Storage Spaces
Windows Server and some client editions support RAID-like functionality through Storage Spaces or dynamic disks.
Check existing RAID configuration:
Get-VirtualDisk | Format-Table FriendlyName, ResiliencySettingName, Size Get-PhysicalDisk | Format-Table FriendlyName, MediaType, HealthStatus
Create a mirrored volume (RAID 1) using Diskpart:
diskpart list disk select disk 1 convert dynamic select disk 2 convert dynamic create volume simple size=1000 disk=1 add disk=2 Then convert to mirror list volume select volume X break disk=2 Not directly; use Storage Spaces for simplicity
Storage Spaces (RAID 10 equivalent – two-way mirror with column count):
New-StoragePool -FriendlyName "CISSPPool" -StorageSubSystemFriendlyName "Storage Spaces" -PhysicalDisks (Get-PhysicalDisk -CanPool $true) New-VirtualDisk -StoragePoolFriendlyName "CISSPPool" -FriendlyName "RAID10_Vol" -ResiliencySettingName Mirror -NumberOfColumns 2 -Interleave 64KB -Size 500GB Initialize-Disk -VirtualDisk (Get-VirtualDisk -FriendlyName "RAID10_Vol") New-Partition -DiskNumber (Get-Disk -FriendlyName "RAID10_Vol").Number -UseMaximumSize -DriveLetter E
Step‑by‑step guide:
- Storage Spaces’ `Mirror` resiliency with `-NumberOfColumns 2` over 4 physical disks yields RAID 10 (striped mirrors).
- The exam often tests awareness that Windows does not expose classic RAID levels under “RAID 10” but achieves the same effect.
- Use `Get-ResiliencySetting` to see supported configurations.
- Performance vs. Fault Tolerance: A Quantitative Cheat Sheet
Memorize this table for the exam’s subtle “two viable RAID” questions.
| RAID | Min Disks | Read Speed | Write Speed | Fault Tolerance | Usable Capacity | Typical Use |
||–||-|–|-|–|
| 0 | 2 | Nx | Nx | 0 disks | 100% | Video editing, temp files |
| 1 | 2 | 2x (reads) | 1x | 1 disk | 50% | OS boot, small DB logs |
| 5 | 3 | (N-1)x | < (N-1)x (parity) | 1 disk | (N-1)/N | File servers, general storage |
| 6 | 4 | (N-2)x | Lower than RAID5 | 2 disks | (N-2)/N | Archival, high-reliability |
| 10 | 4 | Nx | N/2x (mirror overhead) | 1 per mirror | 50% | High-performance DB, VMs |
Exam trap example: Question says “4 disks, need maximum write speed with one-disk failure tolerance.” Novice picks RAID 5 (3+ parity). But RAID 10 writes faster (no parity calculation) and also tolerates 1 disk. Correct answer depends on whether “rebuild impact” is mentioned – RAID 10 rebuilds faster.
- RAID Security and Availability Hardening (CISSP Domain 3)
RAID is purely an availability control; it does not protect against deletion, corruption, or theft. In cloud and hybrid environments, RAID is often virtualized.
Hardening steps for physical RAID controllers:
- Set a BIOS/UEFI password to prevent reconfiguration of RAID arrays.
- Enable RAID controller battery backup or flash cache to avoid write hole (RAID 5/6).
- Monitor SMART attributes proactively:
Linux smartctl -a /dev/sda | grep -E "Reallocated_Sector|Current_Pending_Sector" Windows (Admin PowerShell) Get-PhysicalDisk | Get-StorageReliabilityCounter | Format-List Wear, ReadErrorsTotal
Cloud hardening equivalent:
- AWS EBS volumes use replication (similar to RAID 1 across AZs).
- Azure Premium SSDs with zone-redundant storage (ZRS) emulate RAID 10 behavior.
- For API security, ensure that storage management API calls (e.g.,
CreateVolume) are logged and require MFA – attackers who compromise credentials could delete RAID arrays.
Step‑by‑step to mitigate the “RAID write hole” (RAID 5/6 vulnerability):
– On Linux with mdadm, enable write intent bitmap: `mdadm –grow –bitmap=internal /dev/md0` – this tracks pending writes so a crash after parity update but before data write does not cause inconsistency.
– On hardware RAID, ensure the controller has non-volatile cache (BBU or flash).
– The CISSP exam may ask: “Which RAID level suffers from the write hole?” Answer: RAID 5 and 6. Mitigation: Battery-backed cache or atomic write support.
6. Exam-Specific Scenarios: Two Viable RAIDs Unpacked
The post warns that the exam presents two valid RAIDs in one question. Here are three classic pairs.
Scenario A: “3 disks, read-intensive reporting, low budget, must survive one disk failure.”
– Viable: RAID 5 (66% capacity) and RAID 1 (using 2 disks + hot spare).
– Decision factor: hot spare leaves 50% capacity vs RAID 5 gives 66%. Pick RAID 5 unless the scenario mentions “frequent write bursts” – then RAID 1 with spare avoids parity overhead.
Scenario B: “4 disks, video surveillance write workload, tolerate one failure, rebuild time critical.”
– Viable: RAID 10 and RAID 6.
– Decision factor: RAID 10 rebuilds by copying from the surviving mirror (fast). RAID 6 recalculates double parity (slow). Question will add “high write load 24/7” → RAID 10.
Scenario C: “2 disks, database transaction logs, no redundancy required.”
– Viable: RAID 0 and just a single disk (JBOD).
– Decision factor: RAID 0 provides faster writes because of striping, but if the question mentions “avoid any single point of failure in the controller” – trick answer: RAID 0 still has controller single point, so JBOD with separate controllers per disk is “better.” Rare but shows depth.
What Undercode Say:
- Key Takeaway 1: RAID selection is a trade-off triangle: performance, fault tolerance, and cost efficiency. The CISSP exam tests your ability to prioritize the missing constraint in a narrative, not raw memorization.
- Key Takeaway 2: Hands-on practice with `mdadm` and Storage Spaces demystifies why RAID 10 beats RAID 5 in write-heavy scenarios – parity calculation latency is real, and mirroring avoids it entirely.
Analysis (10 lines):
The original post emphasizes a decision tree, which is exactly how security architects should think – context drives control selection. Many students overcomplicate RAID by memorizing disk counts, but the exam’s subtlety lies in scenarios where two levels satisfy minimum disks. For example, RAID 10 and RAID 5 both work with 4 disks, but write performance differs by orders of magnitude. Also, the availability domain of CISSP (Domain 3) often couples RAID with backups – a common trap is to select RAID as a backup substitute, which is wrong. RAID protects against hardware failure, not logical corruption. The commands provided here (failing a disk in Linux, checking SMART data) build muscle memory for incident response questions. Finally, cloud storage abstractions (EBS, Azure Disks) hide RAID, but the principles remain – exam questions now compare “stripe count” and “mirroring” in virtualized contexts.
Prediction:
As NVMe and SSD costs drop, RAID 5 and 6 will decline in enterprise exams due to write amplification reducing SSD lifespan. CISSP will increasingly test RAID 10 (mirrored stripes) and emerging erasure coding (e.g., Reed-Solomon) used in distributed storage like Ceph. Expect future questions on “RAID 5 write hole” to shift toward “how do NVMe-oF and persistent memory change parity RAID viability?” – the answer being that software-defined storage and disaggregated architectures make traditional RAID levels legacy concepts, but the CIA trade-off reasoning remains eternal.
▶️ Related Video (82% Match):
🎯Let’s Practice For Free:
IT/Security Reporter URL:
Reported By: Biren Bastien – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]


