CompTIA Security+ (SY0-501) — Question 927

During an audit, the auditor requests to see a copy of the identified mission-critical applications as well as their disaster recovery plans. The company being audited has an SLA around the applications it hosts. With which of the following is the auditor MOST likely concerned?

Answer options

• A. ARO/ALE
• B. MTTR/MTBF
• C. RTO/RPO
• D. Risk assessment

Correct answer: C

Explanation

The auditor is primarily focused on RTO (Recovery Time Objective) and RPO (Recovery Point Objective) because these metrics indicate how quickly the applications can be restored and how much data can be lost in a disaster. ARO/ALE, MTTR/MTBF, and risk assessment are important concepts, but they do not directly address the specific recovery capabilities that the auditor is examining related to SLA compliance.