Certified Information Security Manager (CISM) — Question 482
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would
MOST effectively allow the hospital to avoid paying the ransom?
Answer options
- A. A continual server replication process
- B. Employee training on ransomware
- C. A properly tested offline backup system
- D. A properly configured firewall
Correct answer: C
Explanation
The correct answer is C because a properly tested offline backup system allows the hospital to restore data without needing to pay the ransom. Option A, while it aids in data availability, does not protect against ransomware attacks. Option B focuses on prevention through training, which is beneficial but does not directly resolve the issue once the ransomware has affected the server. Option D, a firewall, is important for security but does not offer a solution for recovering data once it has been encrypted.