Exam CISA
Question 1150

An organization relies on an external vendor that uses a cloud-based Software as a Service (SaaS) model to back up its data. Which of the following is the GREATEST risk to the organization related to data backup and retrieval?

    Correct Answer: D

    The greatest risk associated with using a cloud-based SaaS vendor for data backup and retrieval is that the vendor may be unable to restore data by recovery time objective (RTO) requirements. RTO is a critical metric that represents the maximum acceptable downtime for systems and data. If the vendor is unable to meet the agreed-upon RTO, it could lead to significant disruptions, operational downtime, financial losses, and damage to the organization's reputation. Thus, ensuring that the vendor can comply with RTO requirements is paramount to maintaining business continuity and preventing extended outages.

Discussion
46080f2 (Option: C)

My experience is that if the area is always narrowed down in a question, the best answer options are those that relate to this narrowing down. Here we have the limitation to backup and retrieval in general. D. refers to business continuity / disaster recovery. If we now weigh up the greatest risk, "C. The vendor may be unable to restore critical data" is the right answer for me.

Sibsankar (Option: C)

C. The vendor may be unable to restore critical data. Reliability and effectiveness in data restoration are paramount when it comes to data backup services. If the vendor is unable to restore critical data when needed, it could result in significant operational disruptions, data loss, and potentially severe consequences for the organization. Therefore, ensuring that the vendor has the capability to restore critical data is of utmost importance in mitigating risks associated with data backup and retrieval.

Swallows (Option: C)

Dependence on an external vendor for data backup and retrieval means the organization's ability to access critical data hinges on the vendor's capabilities. If the vendor encounters difficulties or failures in restoring critical data, it can lead to significant disruptions, financial losses, and reputational damage to the organization.

MJORGER (Option: D)

D. The vendor may be unable to restore data by recovery time objective (RTO) requirements. Recovery Time Objective (RTO) is a critical metric in disaster recovery and downtime tolerance.

a84n

Answer D. In a cloud-based Software as a Service (SaaS) model, the organization often has specified Recovery Time Objectives (RTOs), which represent the maximum acceptable downtime for systems and data. If the vendor fails to restore data within the agreed-upon RTOs, it could disrupt business operations, cause financial losses, and damage customer trust. The inability of the vendor to meet RTO requirements directly impacts the organization's ability to resume operations swiftly after a data loss event. If critical data cannot be restored within the specified RTO, it could lead to extended periods of downtime, impacting productivity and potentially resulting in financial penalties if service level agreements (SLAs) are not met. Therefore, the risk that the vendor may be unable to restore data by RTO requirements (option D) is indeed significant, as it directly affects the organization's ability to recover from data loss incidents and maintain business continuity.

Zirgelis1 (Option: C)

C. The vendor may be unable to restore critical data.

Rachy (Option: D)

D. Recovery time objective is essential for this scenario.