An organization that relies heavily on IT wants to contain the impact of potential business...

IIA IIA-CIA-Part3 Question Answer

An organization that relies heavily on IT wants to contain the impact of potential business disruption to a period of approximately four to seven days. Which of the following

business recovery strategies would most efficiently meet this organization's needs?

A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data

A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

Explanation:

Business continuity planning (BCP) requires a recovery strategy that minimizes downtime and ensures that critical operations resume within the organization’s desired recovery time objective (RTO).

Since the organization wants to recover within four to seven days, it does not require an expensive real-time recovery site (hot site).

The best strategy is a warm site: a pre-secured location with configurable hardware and data backups that can be activated within the required timeframe.

(A) Incorrect – A recovery strategy whereby a separate site has not yet been determined, but hardware has been reserved for purchase and data backups.

This is a cold site, requiring time for setup and hardware installation.

It does not meet the four to seven-day recovery timeframe efficiently.

(B) Incorrect – A recovery strategy whereby a separate site has been secured and is ready for use, with fully configured hardware and real-time synchronized data.

This describes a hot site, which allows instant failover with real-time synchronization.

While effective, it is costly and unnecessary for a four-to-seven-day recovery target.

(C) Incorrect – A recovery strategy whereby a separate site has been secured and the necessary funds for hardware and data backups have been reserved.

While a site has been secured, the absence of pre-configured hardware would delay recovery, making it an inefficient choice.

(D) Correct – A recovery strategy whereby a separate site has been secured with configurable hardware and data backups.

This describes a warm site, which is the best balance between cost and recovery efficiency.

Configurable hardware and data backups ensure that operations can resume within four to seven days.

IIA’s GTAG (Global Technology Audit Guide) – Business Continuity and IT Disaster Recovery

Recommends warm sites for recovery within a few days.

ISO 22301 – Business Continuity Management Systems

Defines recovery time objectives (RTOs) and site classifications (hot, warm, cold).

COBIT Framework – IT Risk Management

Guides organizations on cost-effective recovery site selection based on risk tolerance.

Analysis of Answer Choices:IIA References and Internal Auditing Standards:

IIA-CIA-Part3 PDF/Engine

Printable Format
Value of Money
100% Pass Assurance
Verified Answers
Researched by Industry Experts
Based on Real Exams Scenarios
100% Real Questions

Get 65% Discount on All Products, Use Coupon: "ac4s65"

A small chain of grocery stores made a reporting error and understated its ending inventory.

During which of the following phases of contracting does the organization analyze whether the market...

Pre-Summer Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ac4s65

An organization that relies heavily on IT wants to contain the impact of potential business...

The Answer Is:

Explanation:

Quick Links