Certified Information Systems Auditor (CISA) — Question 738

An IS auditor is reviewing results from the testing of an organization’s disaster recovery plan (DRP). Which of the following findings should be of GREATEST concern?

Answer options

• A. The testing was done after implementing a business application.
• B. The backups at the DR site are not encrypted.
• C. The testing was done during critical business hours.
• D. The backups at the DR site are unreadable.

Correct answer: D

Explanation

The greatest concern is with option D, as unreadable backups at the DR site indicate that data cannot be restored in the event of a disaster, which directly impacts recovery capabilities. While options A, B, and C present issues, they do not pose an immediate risk to the ability to recover critical data as option D does.