CompTIA CASP+ Exam: Addressing RPO Requirements

Addressing RPO Requirements

Question

A security analyst is reviewing the following company requirements prior to selecting the appropriate technical control configuration and parameter: RTO:2 days - RPO: 36 hours - MTTR:24 hours - MTBF:60 days - Which of the following solutions will address the RPO requirements?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C.

The requirements given in the question are RTO (Recovery Time Objective) of 2 days, RPO (Recovery Point Objective) of 36 hours, MTTR (Mean Time to Repair) of 24 hours, and MTBF (Mean Time Between Failures) of 60 days. The question specifically asks which solution will address the RPO requirement.

RPO is the maximum amount of data loss that an organization can tolerate after an incident. In other words, it's the point in time to which data can be recovered after an incident.

Option A, a remote syslog facility collecting real-time events, is not related to RPO requirements. A remote syslog facility is used to collect log data from various devices and applications, which can be useful in forensic analysis and troubleshooting, but it doesn't address the RPO requirement.

Option B, a server farm behind a load balancer delivering five-nines uptime, is focused on providing high availability and uptime. It's not specifically related to data recovery or RPO requirements.

Option C, a backup solution that implements daily snapshots, is a possible solution that could meet the RPO requirement. Daily snapshots could provide a recovery point within 24 hours, which is less than the RPO requirement of 36 hours. However, it's important to note that a daily backup schedule may not be sufficient in all cases, and the frequency of backups should be determined based on the criticality of the data being backed up.

Option D, a cloud environment distributed across geographic regions, is also a possible solution that could meet the RPO requirement. A cloud environment that replicates data across multiple geographic regions could provide a recovery point within 36 hours, which meets the RPO requirement. However, it's important to ensure that the cloud environment is properly configured for data replication and that the replication process is tested to ensure it meets the RPO requirement.

In conclusion, the most appropriate solution for addressing the RPO requirement would be either option C or D. The choice between the two would depend on various factors such as the criticality of the data, cost, and ease of implementation.