A company relies exclusively on hourly snapshots that the SAN takes of the same RAID volume storing a group of production virtual machines. No secondary copy is exported, replicated, or written to external media. Which risk is still unmitigated by this approach to data protection?
The first snapshot immediately consumes 100 percent of the volume capacity, exhausting available disk space.
A total failure of the primary storage array would eliminate both the live data and all snapshots.
Snapshots cannot be used to recover files that users delete between full backups.
Each snapshot requires the virtual machines to be shut down, causing scheduled downtime at every interval.
Snapshots created on the same storage array as the live data protect only against logical mistakes-such as accidental file deletion-because they merely record changed blocks and pointers on the primary array. If the array itself suffers a catastrophic outage (fire, controller failure, firmware bug, theft, etc.), both the production volumes and every snapshot that references those volumes are lost in the same event. Therefore, relying on on-array snapshots alone violates the rule that a backup must exist in a separate failure domain.
Why the other options are wrong:
Snapshots are copy-on-write, so the initial snapshot consumes minimal space and grows only as blocks change, not the full size of the volume.
Modern hypervisors allow online snapshots; the VMs do not need to be powered off, so scheduled downtime is unnecessary.
Snapshots do capture a point-in-time copy of data and are frequently used to restore accidentally deleted files; the limitation is their dependence on the original storage, not their inability to roll back logical changes.