Certified Information Systems Auditor (CISA) — Question 1321
Which of the following BEST supports an organization’s efforts to reduce the impact of ransomware attacks?
Answer options
- A. Ensuring a payment method is available
- B. Conducting periodic internal and external penetration testing
- C. Conducting security awareness training for staff
- D. Developing robust backup and recovery procedures
Correct answer: D
Explanation
Developing robust backup and recovery procedures ensures that data can be restored without paying the ransom, effectively mitigating the impact of an attack. Security awareness training and penetration testing are important for overall security, but they do not directly address the immediate consequences of a ransomware attack the way backups do.