CompTIA SecurityX (CAS-005) — Question 281

An organization determined its preparedness for a ransomware attack is inadequate. A security administrator is working on ways to improve and monitor the organization's response to ransomware attacks. Which of the following is the best action for the administrator to take?

Answer options

• A. Conduct backup testing.
• B. Define the recovery point objective.
• C. Perform a business impact analysis.
• D. Verify the encryption key length.

Correct answer: A

Explanation

Conducting backup testing is crucial because it ensures that the organization can restore data quickly and effectively after a ransomware attack. Defining the recovery point objective is important but does not directly improve the response capabilities. Performing a business impact analysis helps understand the effects of an attack but does not enhance immediate response readiness. Verifying the encryption key length, while important for security, does not address the specific response to ransomware incidents.