Certified in Risk and Information Systems Control (CRISC) — Question 432

Which of the following should be the PRIMARY basis for prioritizing two risk scenarios related to network service disruption that have the same impact?

Answer options

• A. Recovery time objectives (RTOs)
• B. Recovery point objectives (RPOs)
• C. Mean time between failures (MTBF)
• D. Mean time to restore (MTTR)

Correct answer: A

Explanation

The correct answer is A, Recovery time objectives (RTOs), because RTOs directly indicate how quickly services must be restored after a disruption, which is crucial for prioritization. Other options, such as RPOs, MTBF, and MTTR, provide important metrics but do not specifically address the urgency of recovery in the same way RTOs do.