CompTIA SecurityX (CAS-005) — Question 286
A company recently experienced a ransomware attack. Although the company performs systems and data backup on a schedule that aligns with its RPO requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO. Eventually, the systems and data were restored with information that was six months outside of RPO requirements. Which of the following actions should the company take to reduce the risk of a similar attack?
Answer options
- A. Encrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.
- B. Implement a business continuity process that includes reverting to manual business processes.
- C. Perform regular disaster recovery testing of IT and non-IT systems and processes.
- D. Carry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.
Correct answer: C
Explanation
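The correct answer is C. The company ran backups on a schedule aligned with its RPO, yet it could not recover critical systems and data from the offline backups when needed, a failure that only surfaces when recovery is actually exercised. Regular disaster recovery testing ensures that both IT and non-IT systems can be effectively restored in case of an incident, thereby enhancing preparedness. Options A and B focus on backup management and business continuity, respectively, but do not directly address the testing of recovery processes. Option D, while useful for verification, does not actively test recovery capabilities.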