An security auditor finds that the company's backup policy does not include offsite storage. The security policy requires that backups be stored in a geographically separate location. What should the company do?
Encrypted cloud backup in a different region meets the requirement for geographically separate storage.
Why this answer
Option D is correct because encrypted offsite cloud storage satisfies the geographical separation requirement. Option A is wrong because onsite storage is not geographically separate. Option B is wrong because increasing retention does not change location.
Option C is wrong because RAID provides redundancy but not offsite storage.