Certified Information Systems Auditor (CISA) — Question 361
Which of the following is the MOST important reason to classify a disaster recovery plan (DRP) as confidential?
Answer options
- A. Ensure compliance with the data classification policy.
- B. Reduce the risk of data leakage that could lead to an attack.
- C. Comply with business continuity best practice.
- D. Protect the plan from unauthorized alteration.
Correct answer: B
Explanation
The correct answer is B because classifying the disaster recovery plan as confidential helps prevent the sensitive information it contains from being exposed and then exploited by attackers. Options A and C focus on compliance and best practice but do not directly address the security risk. Option D, while important, does not capture the primary concern of preventing data leakage that could lead to an attack.