Exam CAS-004 topic 1 question 76 discussion

C is the only option that would work

The only option listed that will increase the logs from 48 hours to the 24 hours being asked. -Simple as that Source: Verifying each answer against Chat GPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence)

C Based on the RPO requirements, the management team should recommend increasing the frequency of backups and creating SIEM alerts for IOCs. The RPO (Recovery Point Objective) for the human resources fileshare is 24 hours, which means that the organization needs to be able to recover the data up to 24 hours before the ransomware attack occurred. Since the last backup occurred 48 hours ago, the organization is not meeting its RPO requirement. Increasing the frequency of backups will allow the organization to meet its RPO requirement and minimize data loss in the event of another ransomware attack. Creating SIEM alerts for IOCs (Indicators of Compromise) will also help the organization detect and respond to future attacks more quickly. Paying the ransom should not be considered as a recommended option since it does not guarantee the recovery of the data and may encourage further attacks. Making the fileshare read-only would also not be a recommended option since it would not address the issue of data loss.

C is the best answer

It is not advisable to pay the ransom in a ransomware attack, as this only encourages the attackers and does not guarantee that the data will actually be decrypted. Instead, the management team should consider increasing the frequency of backups to meet the RPO requirements for the human resources fileshare. Additionally, implementing SIEM alerts for indicators of compromise (IOCs) can help to detect and prevent future ransomware attacks.