CISM Certified Information Security Manager – Question0957

Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?

A.
Applying patches
B. Changing access rules
C. Upgrading hardware
D. Backing up files

Correct Answer: D

Explanation:

Explanation:
If malicious code is not immediately detected, it will most likely be backed up as a part of the normal tape backup process. When later discovered, the code may be eradicated from the device but still remain undetected ON a backup tape. Any subsequent restores using that tape may reintroduce the malicious code. Applying patches, changing access rules and upgrading hardware does not significantly increase the level of difficulty.