In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:
A. Resource expenditure against budget
Measuring the progress of a risk response action plan requires assessing how well the plan is being executed against predetermined expectations. Monitoring resource expenditure against the budget provides a tangible metric that indicates whether the plan is progressing within its allocated resources and financial constraints. If the expenditure is consistently above budget, it might indicate that the plan's execution is not going as intended, and adjustments may be needed. Conversely, if the expenditure is well below budget, it might either suggest efficient progress or potential delays in executing certain aspects of the plan.
D. continuous data backup controls.
The best recommendation to further reduce the impact of ransomware attacks would be to implement "D. continuous data backup controls." Ransomware attacks can encrypt an organization's data, rendering it inaccessible until a ransom is paid. Continuous data backup controls ensure that copies of critical data are regularly and automatically backed up to a secure location. In the event of a ransomware attack, the organization can restore its data from backups without needing to pay the ransom.
The answer is D. In general, data backups are considered the way to handle ransomware impact. Continuous backups do not prevent you from restoring from a point prior to the infection.
The problem is that what is asked is how to reduce the impact. Once the threat materializes, the best way to mitigate it is to keep backup copies. The 2fa would only reduce the probability of it happening, which is not what is being asked.
Other questions indicate the possibility that backups have a 'PIN' to avoid being hit by ransomware, but this is not the case.
The question asks about the impact of the attack. So that would mean that the attack already took place and therefore the only answer that makes sense is D.
The question is very tricky. Not sure I am right, but I think (C) is the answer.
A. encryption for data at rest
B. encryption for data in motion
C. two-factor authentication
D. continuous data backup controls
A & B are obviously wrong. Encryption as a control will not protect against a ransomware attack. D is a bit confusing - however, if you think a bit, a continuous (realtime) backup will also not help, as ransomware would have infected the files, which due to the realtime back-up will also be corrupt. Now, (C) is good.... it hopefully prevents or makes it more difficult for a threat actor to gain and retain access, as it will be difficult to compromise the MFA.
Your response makes a lot of sense. This question is a very popular question on ISACA exams. I saw it in my CISA and CISM exams, which I've already passed. But on all platforms D is the suggested answer. However, after reading your comments and perusing Google, I have come to the conclusion that indeed C is the correct answer. I have always been missing this question, but I'm sure now that I won't miss it again.
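The disagreement above (whether a continuous backup saves you or just copies the encrypted files) comes down to whether the backup store keeps version history. Added illustration, not from the thread: a toy mirror-only store versus a versioned store, both fed by a simulated continuous-backup agent while a constructed "ransomware" overwrites the file; all paths, timestamps and contents are made up.

```python
"""Toy model of a continuous (real-time) backup store hit by ransomware.

Constructed example: a mirror-style continuous backup overwrites each file's
copy as soon as the live file changes, so the encrypted version replaces the
good one. A continuous backup that keeps version history (or immutable
snapshots) still lets you restore the copy taken before the infection time.
"""
from dataclasses import dataclass, field


@dataclass
class BackupStore:
    keep_versions: bool                            # True = versioned, False = mirror-only
    history: dict = field(default_factory=dict)    # path -> [(time, bytes)]

    def backup(self, t: int, path: str, data: bytes) -> None:
        """Called by the continuous-backup agent on every write to the live file."""
        versions = self.history.setdefault(path, [])
        if self.keep_versions:
            versions.append((t, data))              # retain every point in time
        else:
            versions[:] = [(t, data)]               # mirror: only latest copy survives

    def restore(self, path: str, before: int):
        """Return the newest copy written strictly before `before`, or None."""
        good = [d for t, d in self.history.get(path, []) if t < before]
        return good[-1] if good else None


def fake_encrypt(data: bytes, key: bytes) -> bytes:
    """Stand-in for ransomware encryption (XOR stream), constructed for the demo."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def run_scenario(keep_versions: bool):
    """User edits a file at t=1,2; ransomware encrypts it at t=3; admin restores."""
    store = BackupStore(keep_versions)
    store.backup(1, "docs/plan.txt", b"quarterly plan v1")
    store.backup(2, "docs/plan.txt", b"quarterly plan v2")
    infection_time = 3
    ciphertext = fake_encrypt(b"quarterly plan v2", b"\x5a\xa5")
    store.backup(infection_time, "docs/plan.txt", ciphertext)   # agent copies it too
    # Restore to the last copy taken before the infection was noticed.
    return store.restore("docs/plan.txt", before=infection_time)


if __name__ == "__main__":
    print("versioned backup restores:", run_scenario(True))    # b'quarterly plan v2'
    print("mirror-only backup restores:", run_scenario(False))  # None: good copy gone
```

The versioned store returns the pre-infection content; the mirror-only store has nothing older than the encrypted copy, which is exactly the failure mode the C-voters describe and the retention requirement the D-voters assume.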