CISA Certified Information Systems Auditor – Question2087

Business applications should be selected for disaster recovery testing on the basis of:

A.
the results of contingency desktop checks
B. the number of failure points that are being tested
C. recovery time objectives (RTOs)
D. criticality to the enterprise

Correct Answer: C