nerdexam
EC-Council

312-50V10 · Question #487

Backing up data is a security must. However, it also have certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?

The correct answer is D. An unencrypted backup can be misplaced or stolen. While all listed backup risks are valid concerns, an unencrypted backup that is lost or stolen directly exposes sensitive data to unauthorized parties, representing the greatest confidentiality threat.

Information Security and Ethical Hacking Fundamentals

Question

Backing up data is a security must. However, it also have certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?

Options

  • AA backup is the source of Malware or illicit information
  • BA backup is incomplete because no verification was performed
  • CA backup is unavailable during disaster recovery
  • DAn unencrypted backup can be misplaced or stolen

How the community answered

(28 responses)
  • A
    4% (1)
  • B
    7% (2)
  • C
    4% (1)
  • D
    86% (24)

Why each option

While all listed backup risks are valid concerns, an unencrypted backup that is lost or stolen directly exposes sensitive data to unauthorized parties, representing the greatest confidentiality threat.

AA backup is the source of Malware or illicit information

While a backup could theoretically harbor malware, this is a rare scenario and typically mitigated by the same AV controls applied to primary systems.

BA backup is incomplete because no verification was performed

An incomplete backup is an operational availability risk that is addressed procedurally through verification checks, and does not directly expose confidential data.

CA backup is unavailable during disaster recovery

Backup unavailability during disaster recovery is an availability concern, but it does not result in unauthorized data disclosure the way theft of unencrypted media does.

DAn unencrypted backup can be misplaced or stolenCorrect

Backups often contain a complete copy of sensitive organizational data. If stored or transported unencrypted, a lost or stolen tape/drive/media gives an attacker full access to all that data with no technical barrier. Encryption is the primary control that renders stolen backup media useless, making its absence the most severe and direct risk to data confidentiality.

Concept tested: Backup media encryption and data confidentiality risk

Source: https://csrc.nist.gov/publications/detail/sp/800-34/rev-1/final

Topics

#backup security#encryption#data protection#physical security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice