CISA Certified Information Systems Auditor – Question1737

To address an organization's disaster recovery requirements, backup intervals should not exceed the:

A.
service level objective (SLO).
B. recovery time objective (RTO).
C. recovery point objective (RPO).
D. maximum acceptable outage (MAO).

Correct Answer: C

Explanation:

Explanation:
The recovery point objective (RPO) defines the point in time to which data must be restored after a disaster so as to resume processing transactions. Backups should be performed in a way that the latest backup is no older than this maximum time frame. If service levels are not met, the usual consequences are penalty payments, not cessation of business. Organizations will try to set service level objectives (SLOs) so as to meet established targets. The resulting time for the service level agreement (SLA) will usually be longer than the RPO. The recovery time objective (RTO) defines the time period after the disaster in which normal business functionality needs to be restored. The maximum acceptable outage (MAO) is the maximum amount of system downtime that is tolerable. It can be used as a synonym for RTO. However, the RTO denotes an objective/target, while the MAO constitutes a vital necessity for an organization’s survival.