ISC2 CSSLP Exam - Topic 11 Question 33 Discussion

Actual exam question for ISC2's CSSLP exam
Question #: 33
Topic #: 11

Which of the following describes the acceptable amount of data loss measured in time?

Suggested Answer: A

The Recovery Point Objective (RPO) describes the acceptable amount of data loss measured in time. It is the point in time to which data must be recovered as defined by the organization. The RPO is generally a definition of what an organization determines is an 'acceptable loss' in a disaster situation. If the RPO of a company is 2 hours and the time it takes to get the data back into production is 5 hours, the RPO is still 2 hours. Based on this RPO the data must be restored to within 2 hours of the disaster.

Answer B is incorrect. The Recovery Time Objective (RTO) is the duration of time and a service level within which a business process must be restored after a disaster or disruption in order to avoid unacceptable consequences associated with a break in business continuity. It includes the time for trying to fix the problem without a recovery, the recovery itself, tests and the communication to the users. Decision time for the user representative is not included. The business continuity timeline usually runs parallel with an incident management timeline and may start at the same, or different, points.

In accepted business continuity planning methodology, the RTO is established during the Business Impact Analysis (BIA) by the owner of a process (usually in conjunction with the Business Continuity planner). The RTOs are then presented to senior management for acceptance. The RTO attaches to the business process and not the resources required to support the process.

Answer D is incorrect. The Recovery Time Actual (RTA) is established during an exercise or an actual event, or is predetermined based on the recovery methodology the technology support team develops. This is the time frame the technology support team takes to deliver the recovered infrastructure to the business.

Answer C is incorrect. The Recovery Consistency Objective (RCO) is used in Business Continuity Planning in addition to Recovery Point Objective (RPO) and Recovery Time Objective (RTO). It applies data consistency objectives to Continuous Data Protection services.


Contribute your Thoughts:

Pansy
4 months ago
Definitely RPO, no doubt about it!
upvoted 0 times
...
Pamella
4 months ago
I thought RCO was a thing? Surprised to see it here!
upvoted 0 times
...
Jodi
4 months ago
Wait, isn't RTO more about downtime?
upvoted 0 times
...
Lilli
4 months ago
Totally agree, RPO is the right term here.
upvoted 0 times
...
Erasmo
5 months ago
RPO is all about data loss in time!
upvoted 0 times
...
Tasia
5 months ago
I’m confused about RCO and RTA; I don’t recall studying those terms much.
upvoted 0 times
...
Leonie
5 months ago
I feel like I’ve seen a question like this before, and RPO definitely sounds right for data loss in terms of time.
upvoted 0 times
...
Gabriele
5 months ago
I remember RTO relates to how quickly we can recover, but I might be mixing it up with RPO.
upvoted 0 times
...
Yan
5 months ago
I think RPO is about the amount of data loss, but I'm not entirely sure if it measures time specifically.
upvoted 0 times
...
Virgie
5 months ago
This question seems straightforward, but I want to double-check the details on the CSC VPRN configuration.
upvoted 0 times
...
Naomi
5 months ago
Wait, is this asking about testing the non-public properties of a component? I'm not sure if that's a recommended practice, but I'll include it just in case. Better safe than sorry on the exam!
upvoted 0 times
...
Cristal
5 months ago
Okay, I think I've got it. The process of establishing parameters for programs, investments, and acquisitions to reach desired results sounds like it's talking about performance measurement. I'm going with option C.
upvoted 0 times
...
Percy
5 months ago
Hmm, this is a tricky one. I'm not sure if it's a NIDS or Kerberos preventing the sniffing. I'll need to think through the networking and security concepts here.
upvoted 0 times
...
