CompTIA CySA+ (CS0-001) — Question 20

An organization is requesting the development of a disaster recovery plan. The organization has grown and so has its infrastructure. Documentation, policies, and procedures do not exist. Which of the following steps should be taken to assist in the development of the disaster recovery plan?

Answer options

• A. Conduct a risk assessment.
• B. Develop a data retention policy.
• C. Execute vulnerability scanning.
• D. Identify assets.

Correct answer: D

Explanation

Identifying assets is crucial as it provides a clear understanding of what needs to be protected and recovered in the event of a disaster. While conducting a risk assessment, developing a data retention policy, and executing vulnerability scanning are important steps, they are secondary to knowing what assets exist and their criticality to the organization.