Certified Information Security Manager (CISM) — Question 496

What is the PRIMARY purpose of an unannounced disaster recovery exercise?

Answer options

• A. To provide metrics to senior management
• B. To evaluate how personnel react to the situation
• C. To assess service level agreements (SLAs)
• D. To estimate the recovery time objective (RTO)

Correct answer: B

Explanation

The primary goal of an unannounced disaster recovery exercise is to evaluate how personnel react to a crisis, which helps identify strengths and weaknesses in their response. While providing metrics to senior management, assessing SLAs, and estimating RTO are important, they are not the main focus of such an exercise.