nerdexam
EC-Council

312-50V11 · Question #487

Backing up data is a security must. However, it also have certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?

The correct answer is D. An unencrypted backup can be misplaced or stolen. The greatest threat from backups is unauthorized access to sensitive data when backups are unencrypted and physically misplaced or stolen.

Information Security and Ethical Hacking Fundamentals

Question

Backing up data is a security must. However, it also have certain level of risks when mishandled. Which of the following is the greatest threat posed by backups?

Options

  • AA backup is the source of Malware or illicit information
  • BA backup is incomplete because no verification was performed
  • CA backup is unavailable during disaster recovery
  • DAn unencrypted backup can be misplaced or stolen

How the community answered

(26 responses)
  • A
    8% (2)
  • C
    4% (1)
  • D
    88% (23)

Why each option

The greatest threat from backups is unauthorized access to sensitive data when backups are unencrypted and physically misplaced or stolen.

AA backup is the source of Malware or illicit information

While malware can be stored in backups, this is a less common and lower-impact risk compared to the exposure of unencrypted sensitive data.

BA backup is incomplete because no verification was performed

An incomplete backup is an availability concern that affects recovery, but it does not represent a direct threat to data confidentiality or integrity.

CA backup is unavailable during disaster recovery

Backup unavailability during disaster recovery is an operational risk, not a security threat that could lead to data exposure or breach.

DAn unencrypted backup can be misplaced or stolenCorrect

Unencrypted backups represent a critical confidentiality risk because if the physical media is lost or stolen, any party can access the full contents without authentication. This directly violates the principle of data confidentiality and can result in a large-scale data breach. Encryption of backups at rest is a mandatory control to mitigate this risk.

Concept tested: Data backup encryption and confidentiality risks

Source: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-209.pdf

Topics

#backup security#data protection#encryption#physical security

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice