nerdexam
(ISC)2

CISSP · Question #1157

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co- loca

The correct answer is A. Availability. The scenario describes evaluating whether a single-datacenter design can meet an RPO of 15 minutes, which is fundamentally an assessment of the system's availability posture and resilience to disruption.

Submitted by paula_co· Mar 5, 2026Security and Risk Management

Question

A security architect is reviewing plans for an application with a Recovery Point Objective (RPO) of 15 minutes. The current design has all of the application infrastructure located within one co- location data center. Which security principle is the architect currently assessing?

Options

  • AAvailability
  • BDisaster recovery (DR)
  • CRedundancy
  • DBusiness continuity (BC)

How the community answered

(58 responses)
  • A
    84% (49)
  • B
    5% (3)
  • C
    2% (1)
  • D
    9% (5)

Why each option

The scenario describes evaluating whether a single-datacenter design can meet an RPO of 15 minutes, which is fundamentally an assessment of the system's availability posture and resilience to disruption.

AAvailabilityCorrect

Availability is the security principle concerned with ensuring systems and data are accessible when needed, including surviving failures or disasters. An RPO of 15 minutes defines how much data loss is tolerable during an outage, which directly measures the availability requirement of the system. The architect is assessing whether the single-datacenter design can maintain sufficient availability to meet that recovery objective.

BDisaster recovery (DR)

Disaster Recovery is a set of processes and technologies used to restore systems after a disruption, not the overarching security principle being evaluated when reviewing RPO requirements against an infrastructure design.

CRedundancy

Redundancy is a specific technical mechanism (duplicating components to prevent single points of failure) used to achieve availability, but it is not the broader security principle the architect is assessing at the design review level.

DBusiness continuity (BC)

Business Continuity refers to the broader organizational capability to maintain essential functions during and after a disaster, which encompasses more than just the technical RPO metric being evaluated in this scenario.

Concept tested: Availability principle and RPO in security design

Source: https://learn.microsoft.com/en-us/azure/well-architected/reliability/metrics

Topics

#RPO#availability#disaster recovery#single point of failure

Community Discussion

No community discussion yet for this question.

Full CISSP Practice