ExpertHard1 markMultiple Choice
CPA · Question 02 · Area I: Information Systems
An auditor is reviewing the backup strategy for a financial institution that requires a Recovery Point Objective (RPO) of 15 minutes. The current strategy involves a daily full backup at midnight. Which conclusion should the auditor draw?
An auditor is reviewing the backup strategy for a financial institution that requires a Recovery Point Objective (RPO) of 15 minutes. The current strategy involves a daily full backup at midnight. Which conclusion should the auditor draw?
Answer options:
A.
The strategy is adequate as full backups provide the most complete recovery.
B.
The strategy is inadequate to meet the RPO.
C.
The strategy is adequate provided the Recovery Time Objective (RTO) is also 24 hours.
D.
The strategy should be changed to weekly differential backups.
How to approach this question
Compare the frequency of backups to the RPO (maximum acceptable data loss).
Full Answer
B.The strategy is inadequate to meet the RPO.✓ Correct
The current strategy is inadequate to meet the RPO.
RPO of 15 minutes requires transaction logging, continuous replication, or snapshots every 15 minutes. Daily backups allow for up to 24 hours of data loss.
Common mistakes
Confusing RPO (data loss) with RTO (downtime).
Practice the full CPA ISC Practice Exam 2
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll platform where clients access the software ...MediumQ03During a walkthrough of the change management process, an auditor observes that developers have w...MediumQ04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...HardQ05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?MediumQ06Under GDPR, which principle requires that personal data be adequate, relevant, and limited to wha...Medium