Dumpster diving is a physical social engineering attack in which an attacker searches trash bins to recover sensitive information such as passwords, financial records, network diagrams, or personal data. Because the attack targets discarded physical materials, technical controls such as anti-malware software or data loss prevention tools are ineffective in preventing it.
Shredding is the most effective defense because it physically destroys sensitive documents before disposal, making the information unreadable and unusable. Security best practices recommend cross-cut or micro-cut shredders for documents containing confidential or regulated data. This control directly addresses the attack vector and eliminates the risk at its source.
A clean desk policy reduces exposure during business hours but does not address improper disposal. DLP tools focus on electronic data movement, not physical waste. Therefore, shredding is considered a critical administrative and physical security control for preventing information leakage via dumpster diving, as emphasized in NIST SP 800-53 and ISO/IEC 27001 physical security guidelines.
Two-factor authentication (2FA) requires users to verify their identity using two independent authentication factors from different categories, such as something you know and something you have.
The purpose of 2FA is to strengthen authentication security and reduce the risk of unauthorized access. Even if one factor is compromised, the attacker cannot authenticate without the second factor.
2FA is a subset of multi-factor authentication and is strongly recommended by modern security standards, particularly for remote access, cloud services, and privileged accounts.
Question 27
Which uses encrypted, machine-generated codes to verify a user's identity?
Token-based authentication relies on encrypted, machine-generated tokens to verify a user’s identity. After successful authentication, the system issues a token (often a JSON Web Token or OAuth token) that represents the user’s session or authorization claims. This token is then presented with each request instead of repeatedly transmitting credentials.
Unlike basic or form-based authentication, token-based methods reduce exposure of usernames and passwords, improve scalability, and support modern distributed architectures such as APIs, cloud services, and mobile applications. Tokens can also include expiration times and scopes, improving security control.