Certified Information Systems Auditor (CISA) — Question 660
Which of the following procedures for testing a disaster recovery plan (DRP) is MOST effective?
Answer options
- A. Performing a quarterly tabletop exercise
- B. Reviewing documented backup and recovery procedures
- C. Performing an unannounced shutdown of the computing facility after hours
- D. Testing at a secondary site using offsite data backups
Correct answer: D
Explanation
Testing at a secondary site using offsite data backups is the most effective method because it simulates a real disaster scenario, ensuring that both the recovery procedures and the infrastructure can handle an actual disaster. The other options, such as quarterly tabletop exercises or reviewing documentation, are useful but do not provide the same level of practical verification as a real-world test.