Certified Information Systems Auditor (CISA) — Question 420

An organization has adopted a backup and recovery strategy that involves copying on-premise virtual machine (VM) images to a cloud service provider. Which of the following provides the BEST assurance that VMs can be recovered in the event of a disaster?

Answer options

• A. Existence of a disaster recovery plan (DRP) with specified roles for emergencies
• B. Periodic on-site restoration of VM images obtained from the cloud provider
• C. Procurement of adequate storage for the VM images form the cloud service provider
• D. Inclusion of the right to audit in the cloud service provider contract

Correct answer: B

Explanation

Option B is correct because periodically restoring VM images on-site ensures that the backup process is functioning correctly and that the images can be effectively used for recovery. The other options, while important for disaster recovery planning, do not directly ensure the ability to restore VMs in real-world scenarios as effectively as regular on-site restorations do.