Exam CISM topic 1 question 303 discussion

Backups don't prevent attacks, I would go with security awareness

I will go with B. the question does not state to recover from ransomware attack but to prevent. I can't figure out how data backup and restoration process helps stop a ransomware attack from happening

Prevent! A.

HOW, HOW does having backups prevent a ransomware? IT great to have backups sure, no down time. BUT training your users so they dont F around helps reduce ransomware

GPT first gave me A. however, if you reiterate the input and tell it that the question is asking about 'prevention', GPT will go with B. it really depends on what ISACA is referring to with the words 'prevent' and 'ransomware attack'. a successful ransomware would already require mitigation via backups. but prior to that, we are talking about preventive measures for potential attacks. they are being tricky with the wording but i think we have to read it as literally as possible.

B: To effectively prevent ransomware attacks from occurring in the first place, the focus should indeed be on preventative measures i.e. Security Awareness. Backup and restoration processes are primarily corrective controls rather than preventative and will help with mitigating the impact.

Backup is a prevention as well. It says most importantly, what if staff had training but still failed on a phishing attack. If you don't have a backup, you have to pay the ransom.

To prevent! Among four choices, awareness is the only answer even if it will help just only 10%. Backup/Restore do not prevent any. This is English language common sense.

Having backups in isolated VLAN and also offsite backups is the way to go for Ransomware attacks.

A. Adequate backup and restoration processes are in place. While all the options listed (A, B, C, and D) are important for a comprehensive cybersecurity strategy, having a robust backup and restoration process is crucial because it allows you to recover your data and systems in the event of a ransomware attack. Ransomware attackers often encrypt your data and demand a ransom for its release. If you have up-to-date backups that are isolated from your network, you can restore your data without paying the ransom, reducing the impact of the attack significantly.

Its B. You are preventing the attacks by training. That is preventative. Backups are a corrective as they are used after a ransomware attack.

Backup and restore is corrective, not preventative

A. Adequate backup and restoration processes are in place. While all the options listed (A, B, C, and D) are important for a comprehensive cybersecurity strategy, having a robust backup and restoration process is crucial because it allows you to recover your data and systems in the event of a ransomware attack. Ransomware attackers often encrypt your data and demand a ransom for its release. If you have up-to-date backups that are isolated from your network, you can restore your data without paying the ransom, reducing the impact of the attack significantly.

The magical word is PREVENT. In order to prevent the most significant is awareness

A is the BEST mitigation but the question doesn't ask that. B is more likely to prevent them though...

It's A. You can't rely on users, therefore, you need to have a backup in place because at some point users will do some actions and get affected by ransomware.

Another Shit question, which is why I always review this site first... A. Is 100% an acceptable answer, but if we're going strictly by the book, and what's said within it, I believe B is what they want. CISM Review Manual 27th Edition: "The ultimate success of an information security program depends on the degree to which it is understood, supported, and appropriately used by everyone in the organization. Therefore, an ongoing security awareness program, which includes an initial orientation and periodic updates, is necessary."