CompTIA Security+ (SY0-701) — Question 452

Due to a cyberattack, a company's IT systems were not operational for an extended period of time. The company wants to measure how quickly the systems must be restored in order to minimize business disruption. Which of the following would the company most likely use?

Answer options

• A. Recovery point objective
• B. Risk appetite
• C. Risk tolerance
• D. Recovery time objective
• E. Mean time between failure

Correct answer: D

Explanation

The correct answer is D, Recovery time objective, as it specifically defines the target time within which systems should be restored to avoid significant disruption. The other options, like Recovery point objective (A), focus on data loss acceptable levels, while Risk appetite (B) and Risk tolerance (C) relate to the overall willingness to take risks, not specific recovery times. Mean time between failure (E) measures reliability, not restoration time.