Certified Information Systems Auditor (CISA) — Question 603

Which of the following BEST enables an organization to quantify acceptable data loss in the event of a disaster?

Answer options

• A. Recovery time objective (RTO)
• B. Recovery point objective (RPO)
• C. Availability of backup software
• D. Mean time to recover (MTTR)

Correct answer: B

Explanation

The Recovery Point Objective (RPO) is the metric that specifically quantifies the maximum amount of data loss an organization can tolerate in the event of a disaster, making it the best answer. On the other hand, Recovery Time Objective (RTO) focuses on the time to recover, the availability of backup software does not directly quantify data loss, and Mean Time to Recover (MTTR) measures recovery efficiency rather than acceptable data loss.