CompTIA CASP+ (CAS-004) — Question 126

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the
RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?

Answer options

• A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
• B. Leave the current backup schedule intact and make the human resources fileshare read-only.
• C. Increase the frequency of backups and create SIEM alerts for IOCs.
• D. Decrease the frequency of backups and pay the ransom to decrypt the data.

Correct answer: C

Explanation

The correct answer is C as increasing the frequency of backups will help meet the RPO requirement of 24 hours, thus minimizing potential data loss. Options A and D suggest paying the ransom, which is not a viable long-term solution, and option B does not address the underlying issue of data protection effectively.