An auditor is reviewing the backup strategy for a financial transaction system with a Recovery Point Objective (RPO) of 1 hour. The current strategy involves a full backup every Sunday at midnight and differential backups every night at midnight. Is this strategy adequate?

Answer options:

Yes, because differential backups capture all changes since the last full backup.

Yes, provided the Recovery Time Objective (RTO) is also 24 hours.

No, because differential backups take too long to restore.

No, because data created between midnight and the failure time would be lost, exceeding the 1-hour RPO.

How to approach this question

Compare the backup frequency to the RPO. RPO = Max allowable data loss. If you backup every 24 hours, you risk 24 hours of data loss.

Full Answer

D.No, because data created between midnight and the failure time would be lost, exceeding the 1-hour RPO.✓ Correct

To meet a 1-hour RPO, transaction logs or incremental backups must be performed at least every hour. A daily backup schedule implies a potential data loss of up to 24 hours.

Common mistakes

Confusing RPO (data loss) with RTO (downtime).

Question 05 All questions Question 07

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →