Dear team
I am preparing for upcoming CISSP exam and currently doing self study.
Need you advice for below question
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
I suppose the best answer should be Option C as finding the flaws and fixing the same should be the primary goal.
but even option A make sense.
Appreciate your advice on the correct answer.
Thanks
Nitesh
@Nitesh wrote
What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
I suppose the best answer should be Option C as finding the flaws and fixing the same should be the primary goal.
but even option A make sense.
__________________________________________________________________________
First, where did you get this question?
Second, A is partially right but in a real disaster you might not have all the IT staff and you might need to use other folk to do the work (that is, you might an UNIX guide follow the instructions to boot a windows box or vice versa or you might only have your B or C team available).
The optimal answer is C, you want to walk through the plan and try to learn about the weaknesses within your plan, such that you can find rapid solutions and document them
So I would also say that B could be correct. If you are using a backup site (hot or cold), part of the exercise is to determine whether that site has the capacity/bandwidth to handle the recovery.
I am not the author of the question but I assume that they are lumping A and B into C, making C the best answer to the question.
As to D, testing the plan would not provide high level awareness with IT staff.
My take on the question.
Anyone else
d
I really don't like questions because they seem so subjective you me. I worked at a company where they had almost no backups when I got there and they did not like it when I told them the needed to spend 10K on backup tapes. The problem was even though I was able to get everything to be backed up I did not thing to test the backups and sure enough one tape drive was faulty! I never gave any king of error but the backups did not work!
So because of this I would go with answer C, but you need to take the mentality of the Organization into account. Some focus on the best operational answer where I have seem others focus on the best management answer. To me, all answers are valid, but they always seem to want "the best" answer.
Just something to think about.
John-
@rslade wrote
> As to D, testing the plan would not provide
> high level awareness with IT staff.
Oh, come on, Diana. Even 20 years ago we were teaching about the value of using
a full-on simulation test for awareness training (although it definitely does limit D
as an answer).
Rob, yes 20 years ago we were teaching the value of full-on simulation but if we were doing it right, this training provided the high level knowledge. The actual exercise provided either sheer panic in some staff or quiet acknowledgement. I never had to explain why we were doing the exercise whilst doing one. So I stand by my original statement D is a throwaway answer.
d
I did get this question while practicing for the exam online.
The source is examtopics.com
Thanks
Nitesh
@Nitesh wrote:What is the MAIN reason for testing a Disaster Recovery Plan (DRP)?
- A. To ensure Information Technology (IT) staff knows and performs roles assigned to each of them
- B. To validate backup sites' effectiveness
- C. To find out what does not work and fix it
- D. To create a high level DRP awareness among Information Technology (IT) staff
I suppose the best answer should be Option C as finding the flaws and fixing the same should be the primary goal.
but even option A make sense.
Appreciate your advice on the correct answer.
Thanks
Nitesh
Remember that when you do testing of your plans, BCP, DRP, COOP, etc. it is usually done in a controlled manner and not during an actual emergency. The reason we do this is to know that, during an emergency things works as planned. Doing controlled and planned tests allow you the time to find resources to fix any identified errors in your plan.
So if your backup solution or your DRP did not work as planned (C) how would
A) IT people knowing their roles help any?
B) Validating the backup site's effectiveness be of any importance? If the backups didn't work I would say that the site isn't effective. Well technically the backup solution is not effective, the site where it sits may not make any difference.
D) IT staff having a high level of DRP awareness help you get back up and running?
To me, even though the other answers are partially correct and are desired outcomes, the question asks the main reason for testing a DRP plan. The main thing is to find out what works and what doesn't work during a CONTROLLED exercise and not during an actual emergency. Then you have plenty of time to find money, resources, or other needed items to make the DRP work so that it would be ready during an actual emergency.