(ISC)2 Certified in Cybersecurity Practice Exam

A differential backup is designed to include all data that has been modified since the last full backup. This type of backup makes it easy to restore data because it consolidates changes into one backup set. Each time a differential backup is performed, it captures all changes from the last full backup, which means that as time goes on and more differential backups are made, they grow larger as they accumulate all changes made since the last full backup.

In contrast, an incremental backup only includes changes made since the last backup, whether that was a full or an incremental backup. This means that restoring from incremental backups can be more complex, as you would need to restore the last full backup followed by each incremental backup taken after that.

A snapshot backup captures the current state of the system or data at a specific point in time but does not specifically track incremental changes since the last full backup. Full backups, while comprehensive, back up all data regardless of when it was last modified, making them larger and slower to complete compared to differential backups.

Therefore, the correct choice effectively highlights the nature of differential backups, which specifically look at changes since the last full backup.