CompTIA CASP+ (CAS-003) — Question 331
A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be brought back online. Which of the following should be the FIRST step taken by the team?
Answer options
- A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.
- B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.
- C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.
- D. Implement replication of all servers and application data to backup datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients.
Correct answer: B
Explanation
The correct answer is B because creating an SLA is essential for establishing clear expectations for application recovery timelines, which is critical to the BCP/DR plan. Options A and C are important steps but do not directly address immediate operational needs, while D focuses on technical implementation rather than prioritization of application recovery.