Effective CISSP Questions

You are preparing an Information System Contingency Plan (ISCP) and considering alternate site solutions. Which of the following is not one of the objectives that directly drive your planning work in terms of information systems?
A. Maximum Tolerable Downtime (MTD)
B. Service Delivery Objective (SDO)
C. Recovery Point Objective (RPO)
D. Recovery Time Objective (RTO)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Maximum Tolerable Downtime (MTD).

Since you are preparing the “contingency plan” for an information system and considering alternate sites, you must have finished the system-level BIA and identified and set the objectives for the alternate sites.

Maximum Tolerable Downtime (MTD) is a business constraint that stands for the maximum tolerable disruption of critical processes or prioritized activities. Those processes and activities depend on various resources, such as people, information and data, buildings, workplaces and associated utilities, equipment and consumables, ICT systems, transportation and logistics, finance, and partners and the supply chain. Each of those resources has its own RTO to support those critical processes or prioritized activities.

In other words, the MTD of a critical process dominates the RTOs of its dependent resources. The RTO of an information system is subject to the MTD of the critical process it supports. The information system contingency plan and its alternate site solution should be aligned with the RTO.

RTO requires not only that the information system be resumed within the specified target time but also that the latest data be restored and that the system operate at a specified capacity or service level. RPO and SDO are therefore objectives that come with RTO. As a result, the effectiveness of your plan and alternate site solution is determined by RTO, RPO, and SDO, not the MTD.

Last but not least, Maximum Tolerable Downtime (MTD) is a business constraint or requirement that drives objective setting. Service Delivery Objective (SDO), Recovery Point Objective (RPO), and Recovery Time Objective (RTO) are objectives, as the term “objective” in their names explicitly denotes.

