The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon RPOs and RTOs. Which of the following backup scenarios would best ensure recovery?
A. Hourly differential backups stored on a local SAN array
B. Daily full backups stored on premises in magnetic offline media
C. Daily differential backups maintained by a third-party cloud provider
D. Weekly full backups with daily incremental stored on a NAS drive
I believe it is either B or C. The others are susceptible to the attack. Honestly there isn't enough information given to determine the correct response. We need to know what their acceptable RTO and RPO are to make the correct decision.
I vote for B, because it says "best ensure"; but no full backup is hard, and though it is possible via differential/incremental, it is not "best ensure".
It's either B or D, A&C don't have full backups (pay attention)
Because it's a ransomware attack and may have moved around the network, the NAS drive could be infected or be a carrier of an infection.
A tape drive is offline, so it's isolated from potential infection.
For a differential backup to work, a full backup is required, but for some oddball reason, the cloud provider is only maintaining the differential and not the full. If the full backup is lost, the differential on the cloud would be useless.
It has to be B here. Piggybacking off of some other explanations, A and C can be eliminated because they lack full backups. D can be eliminated because the backups are stored on a Network-Attached Storage (NAS) device. CompTIA outlines the difference between online and offline backups, specifically referencing cryptoransomware as a factor for choosing offline.
Section 20B: "An online system is faster, but an offline backup offers better security. Consider the case of cryptoransomware, for instance. If the backup system is connected to the infected host, the ransomware will encrypt the backup, rendering it useless. Some cryptoransomware is configured to try to access cloud accounts and encrypt the cloud storage."
B is the only one that makes sense here. Full = fast recovery, and offline is what you want when dealing with ransomware. CompTIA docs focus on 3rd party cloud backups examples of Amazon's Glacier, where it's slow and costly to recover, so C is out. D is incremental = slower than full. And for A, diff hourly doesn't address anything other than telling me a connected backup could still be impacted by the ransomware attack.
- I would definitely cancel out A and C.
- B would take a very long time to back up daily before any ransomware attack occurred; however, I believe it would achieve the company RTO and RPO after the fact.
- D would achieve RPO because, say the event happened on Wednesday, you'd use your last full backup plus Monday and Tuesday and be okay. However, with it being stored on the NAS drive, it makes me worried that it might get infected too. So maybe it doesn't achieve either in that case. If it is infected it definitely doesn't achieve RPO, and with how time-consuming doing the full backup then every daily backup until before the event occurred is, it would not achieve RTO either.
- I think I'm going to lock in on B.
The Chief Information Security Officer of an organization needs to ensure recovery from ransomware would likely occur within the organization's agreed-upon Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
Without knowing the company's RTOs and RPOs and with the following information in mind:
The factors that determine which method to use are the time it takes to restore versus the time it takes to back up. Assuming a backup is performed every working day, an incremental backup only includes files changed during that day, while a differential backup includes all files changed since the last full backup. Incremental backups save backup time but can be more time-consuming when the system must be restored. The system must be restored from the last full backup set and then from each incremental backup that has subsequently occurred. A differential backup system only involves two tape sets when restoration is required.
C seems like the best option as the user would only need the latest full backup and most recent differential backups to get things up and running. Only problem is: we don't know if a full backup has been conducted.
Both SAN (Storage Area Network) and NAS (Network Attached Storage) are highly susceptible to ransomware. Secondly, differential backup to a cloud would not guarantee acceptable RPO.
So, a non-networked Full Database backup will guarantee acceptable RPO and reasonable RTO (however long the recovery time might eventually be).
This is because magnetic offline media, such as tapes, are not connected to the internet or local networks, and thus are immune to ransomware attacks. Daily full backups also ensure that the data is as close to real time as possible, minimizing the data loss and downtime. Storing the backups on premises also reduces the risk of data theft or leakage by third parties.
I am changing my answer to C.
Daily differential backups maintained by a third-party cloud provider. This scenario has a moderate risk of reinfection, as the backup data is stored online and accessible from the cloud network, but it is protected by the third-party provider’s security measures, and it also minimizes the RPOs and RTOs.
Gotta be weekly full backup. Backing up in offline media will increase the time for recovery.
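The restore-chain reasoning discussed in the comments above (full plus every incremental, full plus the latest differential, differentials with no full kept), worked through as an added example that is not from any commenter or from CompTIA. The dates, schedule names and helper functions are constructed; it assumes the backup media itself survived the attack and that a schedule does not mix incrementals with differentials.

```python
from datetime import datetime, timedelta

def restore_chain(backups, incident):
    """Return (sets_to_restore, data_loss) for the newest clean restore point.

    backups: list of (timestamp, kind) with kind in {"full", "diff", "incr"}.
    Assumption: only backups taken before the incident are clean.
    Raises ValueError when no full backup exists to anchor the chain.
    """
    clean = sorted(b for b in backups if b[0] < incident)
    fulls = [b for b in clean if b[1] == "full"]
    if not fulls:
        raise ValueError("no full backup: nothing to apply the deltas to")
    base = fulls[-1]
    chain = [base]
    for b in (b for b in clean if b[0] > base[0]):
        if b[1] == "diff":
            chain = [base, b]   # latest differential replaces earlier ones
        elif b[1] == "incr":
            chain.append(b)     # every incremental since the full is needed
    return chain, incident - chain[-1][0]

def schedule(first_kind, rest_kind, start, days):
    """Constructed sample: one backup per day at the same hour."""
    return [(start + timedelta(days=i), first_kind if i == 0 else rest_kind)
            for i in range(days)]

SUNDAY = datetime(2024, 1, 7, 23, 0)     # constructed: Sunday night backup
INCIDENT = datetime(2024, 1, 10, 14, 0)  # constructed: Wednesday afternoon

SCHEDULES = {
    "daily full": schedule("full", "full", SUNDAY, 3),
    "weekly full + daily incremental": schedule("full", "incr", SUNDAY, 3),
    "weekly full + daily differential": schedule("full", "diff", SUNDAY, 3),
    "differential only (no full kept)": schedule("diff", "diff", SUNDAY, 3),
}

def summarize(name):
    """(number of sets to restore, data-loss window), or None if unrestorable."""
    try:
        chain, loss = restore_chain(SCHEDULES[name], INCIDENT)
        return len(chain), loss
    except ValueError:
        return None

if __name__ == "__main__":
    for name in SCHEDULES:
        print(f"{name}: {summarize(name)}")
```

The number of sets is a proxy for restore time (RTO) and the data-loss window is what gets compared against the RPO; neither figure says anything about whether the storage holding the sets was reachable by the ransomware.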