Certified Information Security Manager (CISM) — Question 1052

When testing an incident response plan for recovery from a ransomware attack, which of the following is MOST important to verify?

Answer options

• A. An alternative network link is immediately available.
• B. Data backups are recoverable from an offsite location.
• C. Network access requires two-factor authentication.
• D. Digital currency is immediately available.

Correct answer: B

Explanation

The most critical aspect to verify is that data backups are recoverable from an offsite location, as this ensures that essential data can be restored after a ransomware attack. While having alternative network links, two-factor authentication, and digital currency may be beneficial, they do not directly address the ability to recover lost data, which is paramount in a ransomware scenario.