Exam CISSP topic 1 question 154 discussion

Tricky bastards. Reviewing the BC…which is availability

B - Key word security principle ( CIA).

With some help of chatgpt Even though *availability* is part of the broader *business continuity* effort, *disaster recovery (DR)* is the correct security principle being assessed here because the question focuses on the recovery of the application within the specific *RPO* (15 minutes). Therefore, the best answer remains *A. Disaster recovery (DR)*.

The architect is primarily assessing disaster recovery (DR), as the Recovery Point Objective (RPO) is a critical metric used in disaster recovery planning to ensure that data loss is minimized and recovery can be achieved within an acceptable timeframe.

Availability is the answer.

Someone's getting paid just to be a pro trickster. Another reason why this test is weird.

The security principle that the security architect is currently assessing is "disaster recovery (DR)." Disaster recovery is the process of restoring an organization's critical systems, applications, and data in the event of a disaster or disruptive event. The Recovery Point Objective (RPO) is the maximum amount of data loss that is acceptable to the organization. In this case, the RPO is 15 minutes, which means that the organization cannot afford to lose more than 15 minutes' worth of data in the event of a disaster. The current design of having all of the application infrastructure located within one co-location data center does not provide adequate disaster recovery capability. If a disaster were to occur at that location, the entire infrastructure could be lost, resulting in data loss and application unavailability. The security architect is therefore assessing the adequacy of the disaster recovery plan for the application.

planning to have RPO - 15 min for application DR only have one co location primary data center correct answer is the consultant currently evaluation of disaster recovery site for their application

There is only one security principle as option: Availability

I chose C but I can see why B is the correct answer. The keyword is security principle. Availability is a security principle (C I A) and would include redundancy. A and D are not security principles

"reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes." does this indicated DR ?

Answer is correct https://www.securitymetrics.com/blog/what-is-a-business-continuity-plan