1.
QUESTION NO: 801
Which of the following access decisions are based on a Mandatory Access Control (MAC)
environment?
Correct Answer
D. Sensitivity labels
Explanation
Sensitivity labels are used in a Mandatory Access Control (MAC) environment to determine access decisions. MAC is a security model where access controls are based on labels assigned to subjects (users, processes) and objects (files, resources). Sensitivity labels indicate the level of sensitivity or classification of an object, and access decisions are made based on the comparison of the sensitivity labels of subjects and objects. Access control lists, ownership, and group membership are typically used in discretionary access control (DAC) environments, where access decisions are based on the discretion of the owner or the group.
2.
QUESTION NO: 802
Audit log information can BEST be protected by: (Select TWO).
Correct Answer(s)
C. Access controls that restrict usage
E. Recording to write-once media.
Explanation
Audit log information can be best protected by implementing access controls that restrict usage and recording the logs to write-once media. Access controls ensure that only authorized individuals can access and modify the audit logs, reducing the risk of unauthorized tampering or deletion. Recording the logs to write-once media, such as a read-only DVD or a write-once hard drive, prevents any modifications to the logs once they have been recorded, ensuring their integrity and reliability for future analysis and investigation. Using a VPN, IDS, IPS, or firewall can provide additional security measures but may not directly address the protection of audit log information.
3.
QUESTION NO: 803
Non-essential services are often appealing to attackers because non-essential services:
(Select TWO)
Correct Answer(s)
E. Are not typically configured correctly or secured
F. Sustain attacks that go unnoticed
Explanation
Non-essential services are often appealing to attackers because they are not typically configured correctly or secured. This means that they may have weak security measures in place, making them easier for attackers to exploit. Additionally, non-essential services may sustain attacks that go unnoticed because they are not as closely monitored or prioritized by security systems. This allows attackers to potentially gain unauthorized access or carry out malicious activities without being detected.
4.
QUESTION NO: 804
A user downloads and installs a new screen saver and the program starts to rename and delete random files. Which of the following would be the BEST description of this program?
Correct Answer
C. Trojan horse
Explanation
A Trojan horse is a type of malicious software that disguises itself as a legitimate program or file, tricking the user into downloading and installing it. Once installed, the Trojan horse can perform various malicious actions, such as renaming and deleting random files, as described in the question. Unlike viruses and worms, Trojan horses do not replicate themselves or spread to other systems. A logic bomb is a type of malware that is programmed to execute a malicious action at a specific time or under certain conditions. Therefore, the best description for the given scenario is a Trojan horse.
5.
QUESTION NO: 805
Which of the following types of malicious software travels across computer networks without requiring a user to distribute the software?
Correct Answer
B. Worm
Explanation
A worm is a type of malicious software that can travel across computer networks without the need for user distribution. Unlike a virus, which requires a host file or program to replicate, a worm can independently spread itself through network connections. It can exploit vulnerabilities in network protocols or use social engineering techniques to trick users into executing it. Once inside a system, a worm can replicate itself and spread to other connected devices, causing damage or stealing information. Therefore, the correct answer is worm.
6.
QUESTION NO: 806
Which of the following should be done if an audit recording fails in an information system?
Correct Answer
D. Send an alert to the appropriate personnel
Explanation
If an audit recording fails in an information system, it is important to send an alert to the appropriate personnel. This is because failing audit recordings can indicate a potential security breach or system malfunction. By alerting the appropriate personnel, they can investigate the issue, identify the cause of the failure, and take necessary actions to rectify the problem and ensure the integrity and security of the system.
7.
QUESTION NO: 807
Which of the following types of authentication BEST describes providing a username, password and undergoing a thumb print scan to access a workstation?
Correct Answer
A. Multifactor
Explanation
The given scenario describes the use of multiple factors for authentication. In this case, the user is required to provide a username, password, and undergo a thumbprint scan. This combination of factors, including something the user knows (password), something the user has (thumbprint), and something the user is (username), is known as multifactor authentication. It provides an additional layer of security by requiring multiple pieces of evidence to verify the user's identity before granting access to the workstation.
8.
QUESTION NO: 808
Which of the following steps is MOST often overlooked during the auditing process?
Correct Answer
A. Reviewing event logs regularly
Explanation
Reviewing event logs regularly is often overlooked during the auditing process. Event logs contain valuable information about system activities and can help identify any suspicious or unauthorized activities. Regularly reviewing event logs allows auditors to detect and investigate any potential security breaches or anomalies. However, it is a step that is often neglected, leading to missed opportunities for identifying and addressing security issues.
9.
QUESTION NO: 809
Kerberos uses which of the following ports by default?
Correct Answer
B. 88
Explanation
Kerberos uses port 88 by default. Kerberos is a network authentication protocol that works on the basis of tickets to allow secure communication between clients and servers. Port 88 is specifically designated for Kerberos authentication services. This port is used for the exchange of authentication messages between the client and the Key Distribution Center (KDC), which is the central authentication server in a Kerberos environment.
10.
QUESTION NO: 810
Turnstiles, double entry doors and security guards are all prevention measures for which of the following types of social engineering?
Correct Answer
A. Piggybacking
Explanation
Turnstiles, double entry doors, and security guards are all prevention measures for piggybacking. Piggybacking refers to the act of unauthorized individuals following closely behind an authorized person to gain access to a secure area without proper authentication. These prevention measures are put in place to ensure that only authorized individuals are granted entry and to prevent unauthorized individuals from piggybacking on someone else's access.
11.
QUESTION NO: 811
Spam is considered a problem even when deleted before being opened because spam:
Correct Answer
C. Wastes company bandwidth
Explanation
Spam wastes company bandwidth because it consumes network resources and slows down internet speed. When spam emails are received, they take up storage space and require data to be transferred across the network, which can cause congestion and reduce the overall performance of the network. This can negatively impact productivity and increase costs for the company.
12.
QUESTION NO: 812
Which of the following programming techniques should be used to prevent buffer overflow attacks?
Correct Answer
A. Input validation
Explanation
Input validation is the correct answer because it involves checking and validating user input to ensure that it meets certain criteria and is within the expected range. By validating input, potential buffer overflow attacks can be prevented because the input is checked for its length and content before it is processed. This helps to ensure that the input does not exceed the allocated buffer size, preventing the attacker from overwriting adjacent memory locations and executing malicious code.
13.
QUESTION NO: 813
Which of the following authentication systems make use of the KDC Key Distribution Center?
Correct Answer
D. Kerberos
Explanation
Kerberos is the correct answer because it is an authentication protocol that uses a Key Distribution Center (KDC) to authenticate users and provide them with tickets for accessing network services. The KDC acts as a trusted third party that authenticates users and issues session keys that are used for secure communication between the user and the network services. This allows for secure authentication and authorization in a network environment. Certificates, security tokens, and CHAP are not directly related to the use of a KDC for authentication.
14.
QUESTION NO: 814
Which of the following authentication methods increases the security of the authentication process because it must be in your physical possession?
Correct Answer
A. Smart Cards
Explanation
Smart Cards increase the security of the authentication process because they must be physically possessed by the user. Smart cards are small plastic cards that contain an embedded chip, which stores and processes data securely. The user must insert the smart card into a card reader and provide a PIN or biometric authentication to access the data stored on the card. This physical possession requirement makes it difficult for unauthorized individuals to gain access to the authentication credentials, enhancing the overall security of the authentication process.
15.
QUESTION NO: 815
Which of the following statements regarding authentication protocols is FALSE?
Correct Answer
D. MS-CHAP version 1 is capable of mutual authentication of both the client and the server.
Explanation
MS-CHAP version 1 is not capable of mutual authentication of both the client and the server. It only provides authentication of the client to the server.
16.
QUESTION NO: 816
Which password management system best provides for a system with a large number of users?
Correct Answer
A. Self service password reset management systems
Explanation
Self service password reset management systems are the best option for a system with a large number of users because they allow users to reset their own passwords without the need for IT support. This reduces the burden on IT staff and increases efficiency. Users can easily reset their passwords through a self-service portal, which saves time and resources. Additionally, self service password reset management systems often include security features such as multi-factor authentication, ensuring that only authorized users can reset their passwords.
17.
QUESTION NO: 817
Which definition best defines what a challenge-response session is?
Correct Answer
A. A challenge-response session is a workstation or system that produces a random challenge string that the user provides, when prompted, in conjunction with the proper PIN (Personal Identification Number).
Explanation
A challenge-response session refers to a workstation or system that generates a random challenge string. This challenge string is then presented to the user, who must provide it along with the correct PIN (Personal Identification Number) in order to authenticate themselves.
18.
QUESTION NO: 818
For which reason are clocks used in Kerberos authentication?
Correct Answer
B. Clocks are used to ensure that tickets expire correctly.
Explanation
Clocks are used in Kerberos authentication to ensure that tickets expire correctly. Kerberos uses time-based tickets that have a limited validity period. The clocks on the client and server machines need to be synchronized to ensure that the tickets are valid and not expired. The clocks are used to track the time and determine when a ticket should expire, preventing unauthorized access to the system.
19.
QUESTION NO: 819
To reduce vulnerabilities on a web server, an administrator should adopt which of the following preventative measures?
Correct Answer
B. Apply the most recent manufacturer updates and patches to the server.
Explanation
Applying the most recent manufacturer updates and patches to the server is a preventative measure to reduce vulnerabilities on a web server. Manufacturers regularly release updates and patches to address security vulnerabilities and improve the server's overall security. By keeping the server up to date with these updates, the administrator ensures that any known vulnerabilities are patched, reducing the risk of exploitation by attackers. This measure is essential in maintaining the security and integrity of the web server.
20.
QUESTION NO: 820
Which of the following is a common type of attack on web servers?
Correct Answer
B. Buffer overflow
Explanation
A buffer overflow is a common type of attack on web servers where an attacker sends more data than a buffer can handle, causing the excess data to overflow into adjacent memory. This can lead to the execution of malicious code or the crashing of the server.
21.
QUESTION NO: 821
The employees at a company are using instant messaging on company networked computers. The MOST important security issue to address when using instant messaging is that instant messaging:
Correct Answer
B. Communications are open and unprotected
Explanation
The most important security issue to address when using instant messaging is that communications are open and unprotected. This means that the messages sent through instant messaging can be intercepted and read by unauthorized individuals. This lack of encryption and protection puts sensitive information at risk and can lead to data breaches or leaks. It is crucial to implement secure protocols and encryption methods to ensure the confidentiality and integrity of instant messaging communications.
22.
QUESTION NO: 822
A VPN typically provides a remote access link from one host to another over:
Correct Answer
D. The Internet
Explanation
A VPN (Virtual Private Network) typically provides a remote access link from one host to another over the Internet. This means that users can securely connect to a private network from a remote location using the public Internet as the medium. VPNs use encryption and other security measures to ensure that the data transmitted over the Internet remains secure and confidential. By using the Internet as the transport mechanism, VPNs offer a cost-effective and flexible solution for remote access connectivity.
23.
QUESTION NO: 823
Which of the following would be needed to ensure that a user who has received an email cannot claim that the email was not received?
Correct Answer
D. Non-repudiation
Explanation
Non-repudiation is the correct answer because it provides evidence that a user has received an email and prevents them from denying its receipt. It ensures that the sender can prove that the email was successfully delivered and received by the intended recipient. This is typically achieved through the use of digital signatures or other cryptographic methods that provide authentication and non-repudiation of the message.
24.
QUESTION NO: 824
Which of the following portions of a company's network is between the Internet and an internal network?
Correct Answer
B. Demilitarized zone (DMZ)
Explanation
A demilitarized zone (DMZ) is a portion of a company's network that is located between the Internet and an internal network. It acts as a buffer zone, separating the internal network from the external network (Internet). The purpose of a DMZ is to provide an additional layer of security by placing public-facing servers, such as web servers or email servers, in the DMZ. This allows external users to access these servers while keeping the internal network protected from potential threats.
25.
QUESTION NO: 825
Which of the following is MOST often used to allow a client or partner access to a network?
Correct Answer
A. Extranet
Explanation
An extranet is a private network that allows external clients or partners to access certain parts of a company's network. It provides a secure and controlled way for these external users to connect and collaborate with the company's internal network and resources. This is often used when there is a need for collaboration, sharing of information, or providing access to specific services to external parties while maintaining security and privacy.
26.
QUESTION NO: 826
Which of the following types of firewalls provides inspection at layer 7 of the OSI model?
Correct Answer
A. Application-proxy
Explanation
An application-proxy firewall provides inspection at layer 7 of the OSI model. This type of firewall acts as an intermediary between the client and server, allowing it to examine and filter application-layer traffic. It can analyze the content of the traffic, including specific protocols and applications, to make more informed decisions about allowing or blocking certain connections. This level of inspection offers greater control and security compared to other types of firewalls that operate at lower layers of the OSI model.
27.
QUESTION NO: 827
A newly hired security specialist is asked to evaluate a company's network security. The security specialist discovers that users have installed personal software; the network OS has default settings and no patches have been installed and passwords are not required to be changed regularly. Which of the following would be the FIRST step to take?
Correct Answer
C. Enforce the security policy.
Explanation
The first step to take in this situation would be to enforce the security policy. This is because the security specialist has identified several security vulnerabilities, such as the installation of personal software, default settings on the network OS, lack of software patches, and no requirement for regular password changes. Enforcing the security policy would address these vulnerabilities by implementing measures such as removing personal software, configuring appropriate settings on the network OS, installing software patches, and implementing password management policies. By doing so, the security specialist can improve the overall network security posture of the company.
28.
QUESTION NO: 828
Giving each user or group of users only the access they need to do their job is an example of which of the following security principals?
Correct Answer
A. Least privilege
Explanation
Giving each user or group of users only the access they need to do their job is an example of the principle of least privilege. This principle ensures that users are granted the minimum necessary privileges required to perform their tasks, reducing the potential for unauthorized access or accidental misuse of resources. By limiting access rights, organizations can minimize the risk of data breaches and unauthorized actions, enhancing overall security posture.
29.
QUESTION NO: 829
A company implements an SMTP server on their firewall. This implementation would violate which of the following security principles?
Correct Answer
B. Use a device as intended
Explanation
The implementation of an SMTP server on a firewall violates the principle of "Use a device as intended." Firewalls are designed to control and monitor network traffic based on predetermined rules, not to function as email servers. By using the firewall as an SMTP server, the company is not utilizing the device for its intended purpose, which could lead to security vulnerabilities and potential breaches.
30.
QUESTION NO: 830
A company is upgrading the network and needs to reduce the ability of users on the same floor and network segment to see each other's traffic. Which of the following network devices should be used?
Correct Answer
C. Switch
Explanation
A switch should be used to reduce the ability of users on the same floor and network segment to see each other's traffic. Unlike a hub, which broadcasts traffic to all connected devices, a switch directs traffic only to the intended recipient. This improves network security by preventing unauthorized access to data packets. A router is used to connect different networks, while a firewall is a security device that filters network traffic. Therefore, a switch is the most appropriate network device for this scenario.
31.
QUESTION NO: 831
A system administrator reports that an unauthorized user has accessed the network. Which of the following would be the FIRST action to take?
Correct Answer
D. Contain the problem.
Explanation
The FIRST action to take when an unauthorized user has accessed the network is to contain the problem. This means isolating the affected systems or devices from the rest of the network to prevent further unauthorized access and potential damage. This step is crucial in order to minimize the impact and mitigate any potential harm caused by the unauthorized access. Once the problem is contained, further actions such as notifying management, determining the business impact, and contacting law enforcement officials can be taken.
32.
QUESTION NO: 832
A companys security' specialist is securing a web server that is reachable from the Internet. The web server is located in the core internal corporate network. The network cannot be redesigned and the server cannot be moved. Which of the following should the security specialist implement to secure the web server? (Select TWO).
Correct Answer(s)
D. Host-based IDS
F. Host-based firewall
Explanation
The security specialist should implement a host-based IDS (Intrusion Detection System) to monitor and detect any suspicious activity on the web server itself. This will help in identifying any potential attacks or breaches on the server. Additionally, a host-based firewall should be implemented to control and filter the incoming and outgoing traffic specifically for the web server. This will provide an additional layer of protection by allowing only authorized traffic to access the server and blocking any unauthorized attempts.
33.
QUESTION NO: 833
The CHAP (Challenge Handshake Authentication Protocol) sends a logon request from the client to the server, and the server sends a challenge back to the client. At which stage does the CHAP protocol perform the handshake process? Choose the best complete answer.
Correct Answer
A. At the stage when the connection is established and at whichever time after the connection has been established.
Explanation
The CHAP protocol performs the handshake process at the stage when the connection is established and at whichever time after the connection has been established. This means that the handshake process can occur multiple times during the duration of the connection, providing an additional layer of authentication and security.
34.
QUESTION NO: 834
Which of the following are nonessential protocols and services?
Correct Answer
B. TFTP (Trivial File Transfer Protocol).
Explanation
TFTP (Trivial File Transfer Protocol) is a nonessential protocol and service. It is a simplified version of FTP (File Transfer Protocol) and is primarily used for transferring small files. Unlike other protocols like NNTP, DNS, and ICMP, TFTP is not essential for the basic functioning of a network. It is commonly used in situations where a lightweight and basic file transfer mechanism is required, such as in network booting or firmware updates.
35.
QUESTION NO: 835
Which of the following protocols are not recommended due to them supplying passwords and information over the network?
Correct Answer
B. SNMP (Simple Network Management Protocol).
Explanation
SNMP (Simple Network Management Protocol) is not recommended due to its capability of supplying passwords and information over the network. This protocol is primarily used for managing and monitoring network devices, but it lacks proper security measures to protect sensitive data. SNMP utilizes community strings for authentication, which can be easily intercepted and exploited by malicious actors. Therefore, it is advised to avoid using SNMP for transmitting passwords and confidential information to ensure network security.
36.
QUESTION NO: 836
Most key fob based identification systems use which of the following types of authentication mechanisms?(Select TWO).
Correct Answer(s)
C. Username/password
E. Token
Explanation
Most key fob based identification systems use username/password and token authentication mechanisms. The username/password mechanism requires the user to enter a unique username and password combination to authenticate their identity. The token mechanism involves the use of a physical device, such as a key fob, that generates a unique code or password that is used for authentication. These two mechanisms provide an additional layer of security to ensure that only authorized individuals can access the system.
37.
QUESTION NO: 837
Which of the following describes a server or application that is accepting more input than the server or application is expecting?
Correct Answer
C. Buffer overflow
Explanation
A buffer overflow occurs when a server or application is accepting more input than it is expecting, causing the excess data to overflow into adjacent memory. This can lead to the corruption of data, system crashes, and potentially allow attackers to execute malicious code. It is a common vulnerability that can be exploited to gain unauthorized access to a system or cause it to become unresponsive.
38.
QUESTION NO: 838
Which of the following refers to the ability to be reasonably certain that data is not modified or tampered with?
Correct Answer
B. Integrity
Explanation
Integrity refers to the ability to be reasonably certain that data is not modified or tampered with. This means that the data remains intact and has not been altered in any unauthorized way. Ensuring data integrity is important for maintaining the accuracy and reliability of information.
39.
QUESTION NO: 839
Disguising oneself as a reputable hardware manufacturer's field technician who is picking up a server for repair would be described as:
Correct Answer
D. Social engineering
Explanation
Disguising oneself as a reputable hardware manufacturer's field technician in order to pick up a server for repair is an example of social engineering. Social engineering refers to the manipulation of individuals to gain unauthorized access or obtain sensitive information. In this scenario, the attacker is using deception and impersonation to gain physical access to the server, exploiting the trust placed in the reputation of the hardware manufacturer and the legitimacy of their technicians. This tactic allows the attacker to bypass security measures and potentially gain access to sensitive data or compromise the server.
40.
QUESTION NO: 840
A security specialist has downloaded a free security software tool from a trusted industry site. The source has published the MD5 hash values for the executable program. The specialist performs a successful virus scan on the download but the MD5 hash is different. Which of the following steps should the specialist take?
Correct Answer
A. Avoid executing the file and contact the source website administrator
Explanation
The correct answer is to avoid executing the file and contact the source website administrator. This is because the MD5 hash values are used to verify the integrity of the downloaded file. If the MD5 hash is different, it means that the file has been modified or tampered with, and it may contain malicious code. Therefore, it is important to avoid executing the file and contact the source website administrator to report the issue and seek further guidance.
41.
QUESTION NO: 841
Which of the following identifies the layer of the OSI model where SSL provides encryption?
Correct Answer
C. Session
Explanation
SSL (Secure Sockets Layer) provides encryption at the Session layer of the OSI model. The Session layer is responsible for establishing, managing, and terminating sessions between applications. SSL ensures secure communication by encrypting the data exchanged between the client and the server, protecting it from unauthorized access or tampering. This layer also handles authentication and establishes a secure connection before data transmission begins. Therefore, SSL operates at the Session layer to provide encryption for secure communication.
42.
QUESTION NO: 842
Which of the following would be the BEST reason to disable unnecessary services on a server?
Correct Answer
C. Attack surface and opportunity for compromise are reduced
Explanation
Disabling unnecessary services on a server reduces the attack surface, which refers to the potential entry points that attackers can exploit to gain unauthorized access. By disabling these services, the server's exposure to vulnerabilities and potential compromise is minimized. This is the best reason because it directly addresses the security aspect of server management and helps protect the server from potential attacks.
43.
QUESTION NO: 843
A user is assigned access rights explicitly. This is a feature of which of the following access control models?
Correct Answer
A. Discretionary Access Control (DAC)
Explanation
In Discretionary Access Control (DAC), access rights are assigned explicitly by the owner or administrator of the resource. This means that the user has the discretion to grant or revoke access to others. In contrast, in Mandatory Access Control (MAC), access rights are determined by system policies and cannot be overridden by individual users. Rule Based Access Control (RBAC) and Role Based Access Control (RBAC) are different models that also define access rights, but they are not based on explicit assignment by individual users.
44.
QUESTION NO: 844
Which of the following describes an attacker encouraging a person to perform an action in order to be successful?
Correct Answer
B. Social engineering
Explanation
Social engineering refers to the act of manipulating or deceiving individuals into performing certain actions that may compromise their security or provide unauthorized access to systems or information. In this context, an attacker encourages a person to perform an action in order to achieve their malicious objectives. This can involve techniques such as phishing, impersonation, or psychological manipulation to trick individuals into revealing sensitive information, clicking on malicious links, or installing malicious software.
45.
QUESTION NO: 845
A user has received an email from a mortgage company asking for personal information including bank account numbers. This would BEST be described as:
Correct Answer
B. pHishing
Explanation
The email asking for personal information, including bank account numbers, is described as phishing. Phishing is a type of cyber attack where attackers impersonate legitimate organizations to trick users into revealing sensitive information or performing actions that could compromise their security. In this case, the email is attempting to deceive the user into providing personal and financial information, which could be used for fraudulent purposes.
46.
QUESTION NO: 846
Which of the following connectivity is required for a web server that is hosting an SSL based web site?
Correct Answer
A. Port 443 inbound
Explanation
For a web server hosting an SSL based website, inbound connectivity on port 443 is required. Port 443 is the default port for HTTPS traffic, which is used to securely transmit data over the internet. Inbound connectivity on this port allows the server to receive incoming requests from clients and respond with the requested web pages or resources. It is important for SSL based websites as SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser, ensuring that the data transmitted remains confidential and secure.
47.
QUESTION NO: 847
Malicious port scanning is a method of attack to determine which of the following?
Correct Answer
B. The fingerprint of the operating system
Explanation
Malicious port scanning is a technique used by attackers to identify the fingerprint of the operating system. By scanning the open ports on a system, the attacker can gather information about the services and protocols running on the system, which can help them determine the operating system being used. This information can be used to exploit vulnerabilities specific to that operating system and launch targeted attacks.
48.
QUESTION NO: 848
Which of the following is used to determine equipment status and modify the configuration or settings of network devices?
Correct Answer
A. SNMP
Explanation
SNMP (Simple Network Management Protocol) is used to determine the status of network equipment and make changes to their configuration or settings. It is a protocol that allows network administrators to manage and monitor network devices, such as routers, switches, and servers. SNMP enables the collection and organization of information about network devices, including their performance, availability, and health. It also provides a means for remote management and configuration of these devices, making it an essential tool for network administration. DHCP (Dynamic Host Configuration Protocol) is used for automatically assigning IP addresses to devices on a network. SMTP (Simple Mail Transfer Protocol) is used for sending emails. CHAP (Challenge Handshake Authentication Protocol) is a security protocol used in PPP (Point-to-Point Protocol) for authentication purposes.
49.
QUESTION NO: 849
Which of the following is a major reason that social engineering attacks succeed?
Correct Answer
B. Lack of security awareness
Explanation
Social engineering attacks often succeed due to a lack of security awareness. This means that individuals and organizations may not be adequately educated or trained on how to identify and respond to these types of attacks. Without this awareness, people may be more susceptible to manipulation and deception by attackers who use psychological tactics to gain unauthorized access to sensitive information or systems. Therefore, increasing security awareness and providing proper training can help mitigate the risk of social engineering attacks.
50.
QUESTION NO: 850
Which of the following types of backups requires that files and software that have been changed since the last full backup be copied to storage media?
Correct Answer
B. Differential
Explanation
Differential backups require that files and software that have been changed since the last full backup be copied to storage media. This means that only the files that have been modified or added since the last full backup are included in the backup, making it faster and requiring less storage space compared to a full backup.