Question 5 of 500
Business Continuity, DR & Incident ResponsemediumMultiple ChoiceObjective-mapped

Quick Answer

The correct answer is that the source file changed during backup. A checksum mismatch during backup meaning is that the verification algorithm—such as SHA or MD5—computes a hash of the original file at the start of the process and then compares it to the hash of the backup copy; when these values differ, it indicates the source was modified mid-backup, often because the file was open and being written to by another application. On the ISC2 Certified in Cybersecurity CC exam, this scenario tests your understanding of backup integrity and common failure modes, and it frequently appears in questions about verification errors or data consistency. A common trap is assuming the backup medium is corrupt, but the mismatch specifically points to a change in the source, not the destination. Remember the memory tip: “Source shift, hash rift”—if the hash doesn’t match, the source was touched during the backup batch.

ISC2 CC Business Continuity, DR & Incident Response Practice Question

This CC practice question tests your understanding of business continuity, dr & incident response. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Backup Job: prod_db_2024-01-15
Status: FAILED
Reason: Checksum mismatch for file user_data.bak
Expected: a1b2c3d4e5f6
Actual: 1a2b3c4d5e6f

Refer to the exhibit. What does this indicate?

Question 1mediummultiple choice
Full question →

Exhibit

Backup Job: prod_db_2024-01-15
Status: FAILED
Reason: Checksum mismatch for file user_data.bak
Expected: a1b2c3d4e5f6
Actual: 1a2b3c4d5e6f

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

The source file changed during backup

The exhibit shows a backup verification failure where the checksum or hash of the source file does not match the backup copy. This typically occurs when the source file is modified during the backup process (e.g., an open file that is being written to), causing the verification algorithm to detect a mismatch. The correct answer is A because the backup software correctly identifies that the source changed, not that the backup medium or file is corrupt.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • The source file changed during backup

    Why this is correct

    File modification during backup leads to checksum mismatch.

    Related concept

    Read the scenario before looking for a memorised answer.

  • The backup medium has errors

    Why it's wrong here

    Medium errors typically cause read/write failures, not specific checksum mismatches.

  • The verification algorithm is incorrect

    Why it's wrong here

    The algorithm (hash) is standard and correct.

  • The backup file is corrupt

    Why it's wrong here

    Corruption is possible, but the most common cause is a file change during backup.

Common exam traps

Common exam trap: answer the scenario, not the keyword

ISC2 often tests the distinction between backup file corruption and source file modification during backup, trapping candidates who assume any verification failure means the backup is corrupt, when the exhibit's wording or error message explicitly points to a source change.

Detailed technical explanation

How to think about this question

Under the hood, backup verification often uses a two-pass approach: first, a snapshot or hash of the source file is taken at the start of the backup, then after the backup completes, another hash is computed from the source and compared to the backup. If the source file is modified between these two passes (e.g., by a database transaction log or a user editing a document), the hashes will differ even though the backup itself is intact. In real-world scenarios, this is common with open files on Windows using Volume Shadow Copy Service (VSS) or on Linux with LVM snapshots; without proper snapshot coordination, the backup may capture an inconsistent state.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related CC practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free CC practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this CC question test?

Business Continuity, DR & Incident Response — This question tests Business Continuity, DR & Incident Response — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: The source file changed during backup — The exhibit shows a backup verification failure where the checksum or hash of the source file does not match the backup copy. This typically occurs when the source file is modified during the backup process (e.g., an open file that is being written to), causing the verification algorithm to detect a mismatch. The correct answer is A because the backup software correctly identifies that the source changed, not that the backup medium or file is corrupt.

What should I do if I get this CC question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Keep practising

More CC practice questions

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This CC practice question is part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the CC exam.