CompTIA Security+ (SY0-501) — Question 691
A Chief Security Officer's (CSO's) key priorities are to improve preparation, response, and recovery practices to minimize system downtime and enhance organizational resilience to ransomware attacks. Which of the following would BEST meet the CSO's objectives?
Answer options
- A. Use email-filtering software and centralized account management, patch high-risk systems, and restrict administration privileges on fileshares.
- B. Purchase cyber insurance from a reputable provider to reduce expenses during an incident.
- C. Invest in end-user awareness training to change the long-term culture and behavior of staff and executives, reducing the organization's susceptibility to phishing attacks.
- D. Implement application whitelisting and centralized event-log management, and perform regular testing and validation of full backups.
Correct answer: D
Explanation
The correct answer, D, focuses on proactive measures like application whitelisting and backup validation, which are critical for minimizing downtime during ransomware attacks. Options A and C, while beneficial for security, do not directly address the immediate protective and recovery needs outlined by the CSO. Option B, while useful for financial mitigation, does not enhance operational resilience or response capabilities.