Dumpster diving is a physical social engineering attack in which an attacker searches trash bins to recover sensitive information such as passwords, financial records, network diagrams, or personal data. Because the attack targets discarded physical materials, technical controls such as anti-malware software or data loss prevention tools are ineffective in preventing it.
Shredding is the most effective defense because it physically destroys sensitive documents before disposal, making the information unreadable and unusable. Security best practices recommend cross-cut or micro-cut shredders for documents containing confidential or regulated data. This control directly addresses the attack vector and eliminates the risk at its source.
A clean desk policy reduces exposure during business hours but does not address improper disposal. DLP tools focus on electronic data movement, not physical waste. Therefore, shredding is considered a critical administrative and physical security control for preventing information leakage via dumpster diving, as emphasized in NIST SP 800-53 and ISO/IEC 27001 physical security guidelines.
Two-factor authentication (2FA) requires users to verify their identity usingtwo independent authentication factorsfrom different categories, such as something you know and something you have.
The purpose of 2FA is to strengthen authentication security and reduce the risk of unauthorized access. Even if one factor is compromised, the attacker cannot authenticate without the second factor.
2FA is a subset of multi-factor authentication and is strongly recommended by modern security standards, particularly for remote access, cloud services, and privileged accounts.
Ace
No problem! I highly recommend Cramkey Dumps to anyone looking to pass their certification exams. They will help you feel confident and prepared on exam day. Good luck!
HarrisJun 2, 2026
That sounds amazing. I'll definitely check them out. Thanks for the recommendation!
Ilyas
Definitely. I felt much more confident and prepared because of the Cramkey Dumps. I was able to answer most of the questions with ease and I think that helped me to score well on the exam.
SaoirseJun 27, 2026
That's amazing. I'm glad you found something that worked for you. Maybe I should try them out for my next exam.
Lois
I passed my exam with wonderful score. Their dumps are 100% valid and I felt confident during the exam.
ErnieMay 31, 2026
Absolutely. The best part is, the answers in the dumps were correct. So, I felt confident and well-prepared for the exam.
Melody
My experience with Cramkey was great! I was surprised to see that many of the questions in my exam appeared in the Cramkey dumps.
ColbyJun 13, 2026
Yes, In fact, I got a score of above 85%. And I attribute a lot of my success to Cramkey's dumps.
Sam
Can I get help from these dumps and their support team for preparing my exam?
AudreyJun 8, 2026
Definitely, you won't regret it. They've helped so many people pass their exams and I'm sure they'll help you too. Good luck with your studies!
Question 27
Which uses encrypted, machine-generated codes to verify a user's identity?
Token-based authentication relies on encrypted, machine-generated tokens to verify a user’s identity. After successful authentication, the system issues a token (often a JSON Web Token or OAuth token) that represents the user’s session or authorization claims. This token is then presented with each request instead of repeatedly transmitting credentials.
Unlike basic or form-based authentication, token-based methods reduce exposure of usernames and passwords, improve scalability, and support modern distributed architectures such as APIs, cloud services, and mobile applications. Tokens can also include expiration times and scopes, improving security control.