CompTIA Security Plus Mock Test Q391

A security administrator is reviewing the company’s continuity plan. The plan specifies an RTO of six hours and RPO of two days. Which of the following is the plan describing?

A. Systems should be restored within six hours and no later than two days after the incident.
B. Systems should be restored within two days and should remain operational for at least six hours.
C. Systems should be restored within six hours with a minimum of two days worth of data.
D. Systems should be restored within two days with a minimum of six hours worth of data.

Correct Answer: C
Section: Compliance and Operational Security

Explanation:
The recovery time objective (RTO) is the maximum amount of time that a process or service is allowed to be down and the consequences still to be considered acceptable. Beyond this time, the break in business continuity is considered to affect the business negatively. The RTO is agreed on during the business impact analysis (BIA) creation. The recovery point objective (RPO) is similar to RTO, but it defines the point at which the system needs to be restored. This could be where the system was two days before it crashed (whip out the old backup tapes) or five minutes before it crashed (requiring complete redundancy). As a general rule, the closer the RPO matches the item of the crash, the more expensive it is to obtain.

Incorrect Answers:
A: An RTO is six hours and not 2 days after the incident happened.
B: This implies an RTO of 2 days and an RPO of 6 hours.
D: Two days for a system restore should be an RTO of two days and not six hours as mentioned in the question.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 9, 456