Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Business Continuity, DR & Incident Response practice sets

ISC2 CC Business Continuity, DR & Incident Response • Complete Question Bank

ISC2 CC Business Continuity, DR & Incident Response — All Questions With Answers

Complete ISC2 CC Business Continuity, DR & Incident Response question bank — all 0 questions with answers and detailed explanations.

85
Questions
Free
No signup
Certifications/ISC2 CC/Practice Test/Business Continuity, DR & Incident Response/All Questions
Question 1easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a ransomware incident, the incident response team isolates affected systems. Which of the following is the NEXT best step?

Question 2mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization's recovery time objective (RTO) for its customer database is 4 hours. During a disaster, the backup restore process takes 2 hours, but reconfigure and test tasks add another 3 hours. Which action best addresses this gap?

Question 3hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A SOC analyst receives an alert indicating a user executed a PowerShell script that initiated outbound connections to an external IP. The script was delivered via email attachment. Which incident response phase is MOST appropriate for containing this threat?

Question 4easymultiple choice
Read the full NAT/PAT explanation →

A company's business continuity plan includes an alternate work site with full IT capabilities. Which type of recovery site does this describe?

Question 5mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization uses a primary data center and a backup site 500 miles away. The backup site replicates data synchronously. Which risk is MOST likely introduced by this configuration?

Question 6hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO actions are appropriate during the identification phase of incident response?

Question 7mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which THREE elements are essential components of a business continuity plan (BCP)?

Question 8easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Based on the incident log, at which step did the incident response team contain the threat?

Exhibit

Refer to the exhibit.

---
Incident #1023 - Malware Infection
Detection: Antivirus alert on workstation WKS-045
Time: 2024-03-15 14:22 UTC
Actions:
  14:25 - Isolated WKS-045 from network
  14:30 - Scanned system, detected Trojan.Downloader
  14:35 - Escalated to incident handler
  14:45 - Removed malware via AV
  15:00 - System back online
---
Question 9mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Based on the backup schedule, what is the maximum potential data loss?

Exhibit

Refer to the exhibit.

---
Backup Configuration (extract):
- Full backup: Every Sunday at 01:00
- Differential backup: Monday-Saturday at 01:00
- Retention: 30 days
---
A server fails on Wednesday at 10:00. The administrator restores from the most recent full backup and applies the latest differential backup. How much data loss is expected?
Question 10hardmultiple choice
Read the full NAT/PAT explanation →

You are the incident response lead for a financial services company. At 09:00, the SOC detects unusual outbound traffic from a server in the DMZ to an external IP known to be a command-and-control (C2) server. The server runs a legacy application that cannot be patched. The server is critical for customer transactions, but an alternate manual process can sustain operations for up to 4 hours. The CTO wants to keep the server online to avoid customer impact. The CEO is concerned about data exfiltration. The compliance officer reminds you of regulatory requirements to report breaches within 72 hours. Which action should you take FIRST?

Question 11mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization experiences a ransomware attack that encrypts critical file servers. The backups are stored on a separate network segment but are also encrypted. The incident response team suspects the attacker compromised the backup system using stored credentials. Which best practice should have been implemented to prevent this?

Question 12hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a tabletop exercise for a data center outage, the IT manager realizes that the disaster recovery plan does not specify how to failover the database cluster. The primary data center fails completely. The standby site has a replica of the database, but the application team cannot promote it because they lack the necessary privileges. What is the most likely cause of this gap?

Question 13mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO actions are most effective in reducing the mean time to detect (MTTD) a security incident?

Question 14hardmultiple choice
Read the full network assurance explanation →

The exhibit shows a syslog-ng client configuration and a firewall rule on the central logging server (IP 10.0.0.10). The client (192.168.1.100) is not sending logs to the server. What is the most likely cause?

Exhibit

Refer to the exhibit.

syslog-ng configuration:
@version: 3.35
destination d_remote { syslog("10.0.0.10" transport("tls") port(6514)); };
log { source(s_sys); destination(d_remote); };

Firewall rule on logging server:
permit tcp host 10.0.0.10 eq 6514 host 192.168.1.100
Question 15easymultiple choice
Read the full DNS explanation →

A mid-sized e-commerce company has a primary data center in New York and a disaster recovery site in Dallas. The application stack includes a web server, application server, and a PostgreSQL database. The database uses synchronous replication to the DR site. During a routine failover test, the IT team discovers that after failing over to Dallas, the web servers in New York continue to attempt connections to the original database IP, causing application errors. The DNS records have been updated to point to the DR database IP, but the web servers are not refreshing their DNS cache. The company uses a standard TTL of 300 seconds. The IT manager needs a solution that ensures minimal disruption during future failovers. Which action should be taken?

Question 16mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company's primary data center experiences a complete power failure, and operations are shifted to a secondary site. The failover process takes 4 hours, but the recovery point objective (RPO) is set to 1 hour. Which of the following is the most likely consequence of this incident?

Question 17hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO of the following are primary objectives of an incident response plan? (Choose two.)

Question 18easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. A security analyst observes that users from the 192.168.1.0/24 network cannot access HTTPS websites, but HTTP access works fine. What is the most likely cause?

Exhibit

Refer to the exhibit.

! Configuration snippet from router R1
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group 100 in
!
Question 19mediumdrag order
Read the full Business Continuity, DR & Incident Response explanation →

Drag and drop the steps for the TCP three-way handshake into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 20mediumdrag order
Read the full Business Continuity, DR & Incident Response explanation →

Drag and drop the steps for the proper disposal of a hard drive containing sensitive data into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 21mediummatching
Read the full Business Continuity, DR & Incident Response explanation →

Match each access control model to its key characteristic.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Owner sets permissions

System-enforced labels

Roles determine access

Attributes and policies

Question 22mediummatching
Read the full Business Continuity, DR & Incident Response explanation →

Match each cryptographic concept to its definition.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Same key for encrypt and decrypt

Key pair: public and private

One-way transformation to fixed size

Ensures authenticity and non-repudiation

Binds a public key to an identity

Question 23easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company's backup strategy involves daily full backups only. What is the primary risk associated with this approach?

Question 24easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization discovers a ransomware infection on a critical server. According to the incident response phases, what should be the first action after detection?

Question 25easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which metric defines the maximum acceptable amount of data loss measured in time?

Question 26mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A primary data center is destroyed. The disaster recovery plan calls for activation of a hot standby site. If the RTO is 2 hours, what is the expected recovery time?

Question 27mediummultiple choice
Read the full NAT/PAT explanation →

During a disaster recovery test, backup tapes fail to restore data due to format incompatibility. Which element of the Business Continuity Plan should be updated?

Question 28mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which is a key benefit of a cold site as a recovery location?

Question 29hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a disaster recovery exercise, the system fails to achieve the RTO. Analysis shows that restoring the database from tape takes 3 hours, but the RTO is 2 hours. Which is the most effective solution?

Question 30hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

According to the NIST 800-61 incident response lifecycle, after containment and eradication have been performed, what is the next phase?

Question 31hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which statement best describes a warm site in disaster recovery?

Question 32mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are primary objectives of a Business Continuity Plan (BCP)? (Select two.)

Question 33mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are true about a differential backup? (Select two.)

Question 34hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which THREE are differences between a hot site and a cold site? (Select three.)

Question 35mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. Based on the backup log, what is the most likely corrective action?

Exhibit

Backup Log:
10/12/2024 02:00:00 INFO Starting full backup to tape
10/12/2024 02:30:00 ERROR Tape drive connection lost
10/12/2024 02:35:00 INFO Retrying...
10/12/2024 03:00:00 ERROR Backup failed: insufficient storage space
Question 36hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. Which statement best describes compliance with the recovery objectives?

Exhibit

Backup Configuration:
- Full backup: Every Sunday at 01:00
- Incremental backup: Every 4 hours
- RTO: 4 hours
- RPO: 1 hour
Question 37mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. Based on the report, which improvement is most appropriate?

Exhibit

DR Drill Report:
- Network failover: 5 minutes (success)
- Database failover: FAILED (inconsistent data)
- Root cause: Asynchronous replication lag caused data mismatch
Question 38easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company has a disaster recovery plan that includes a hot site. Which of the following is the PRIMARY advantage of a hot site over a cold site?

Question 39mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During an incident, an organization needs to preserve volatile data. Which of the following should be collected FIRST?

Question 40hardmultiple choice
Read the full NAT/PAT explanation →

During a disaster recovery exercise, the team discovers that the backup site does not have the latest security patches applied. Which of the following steps should be taken FIRST?

Question 41easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which of the following is the PRIMARY purpose of a business impact analysis (BIA)?

Question 42mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

After a security incident has been contained and eradicated, which of the following should be done to improve future incident response?

Question 43hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization uses a warm site for disaster recovery. Which of the following is the MOST significant risk of this approach?

Question 44easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a disaster recovery test, the team discovers that the backup generator fails to start. What is the BEST immediate action?

Question 45mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization has detected a ransomware infection. What is the FIRST step in the incident response process?

Question 46hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a disaster recovery exercise, the backup systems are not available because the storage array failed. Which of the following should be done FIRST?

Question 47easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. An SOC analyst pulled this log snippet. Which type of attack is most likely in progress?

Exhibit

2023-10-15 14:32:01 DENY TCP 10.0.1.10 192.168.1.1 80 8080
2023-10-15 14:32:02 DENY TCP 10.0.1.11 192.168.1.1 80 8080
2023-10-15 14:32:03 DENY TCP 10.0.1.12 192.168.1.1 80 8080
Question 48mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. An administrator needs to restore a database file from two weeks ago, but the backup log shows success. What is the most likely reason the file cannot be restored?

Exhibit

BackupPolicy:
  Source: /srv/db
  Destination: s3://backup-bucket/daily/
  Schedule: 0 2 * * *
  Encryption: AES-256
  Retention: 30 days
  Tests: Quarterly
Question 49hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. A DBA is investigating a replication issue. What should be the FIRST action?

Exhibit

ERROR 2023-10-16 03:00:00 Replication failed: checksum mismatch on table 'orders' between primary (hash: a1b2c3) and standby (hash: d4e5f6)
WARN 2023-10-16 03:00:01 Automatic recovery initiated
ERROR 2023-10-16 03:15:00 Replication failed: checksum mismatch again
Question 50easymulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are phases of the NIST incident response life cycle? (Select exactly 2.)

Question 51mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which THREE are commonly defined in a disaster recovery plan? (Select exactly 3.)

Question 52hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

In incident response, which TWO are considered volatile data that should be collected first? (Select exactly 2.)

Question 53easymultiple choice
Read the full NAT/PAT explanation →

A company's primary data center is destroyed by a natural disaster. The backup site has been fully synchronized but needs to be activated. Which process addresses the activation of the backup site?

Question 54mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A security analyst receives an alert of unusual network traffic from an internal host to an external IP known for command-and-control. After isolating the host, what should be the next step?

Question 55hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During a tabletop exercise, the IT team realizes that the backup tapes are stored in the same building as the servers. Which risk does this highlight?

Question 56easymultiple choice
Read the full NAT/PAT explanation →

After a ransomware attack, which team is primarily responsible for coordinating the response?

Question 57mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company's BCP requires that critical systems be restored within 2 hours of disruption. Which metric defines this?

Question 58hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

In a cloud environment, the security team discovers that a misconfigured S3 bucket has made customer data publicly accessible. After securing the bucket, what is the most important next step?

Question 59easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which document outlines the procedures for maintaining critical business functions during a disruption?

Question 60mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization's backup strategy includes daily full backups. However, recovery tests show that restoring from tape takes 6 hours longer than expected. What is the most likely cause?

Question 61hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During an incident, the IR team identifies that the root cause is a zero-day vulnerability. Which of the following is the best immediate action?

Question 62easymulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are key outputs of a Business Impact Analysis (BIA)?

Question 63hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which THREE are primary phases of the incident response lifecycle?

Question 64mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are best practices for managing backup media?

Question 65easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. What is the first action the incident responder should take?

Exhibit

[IDS Alert] Timestamp: 2024-01-20 14:30:00
Signature: SQL Injection Attempt
Source IP: 10.10.10.5
Destination IP: 192.168.1.10
Payload: OR 1=1--
Action: Alert
Question 66mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. What does this indicate?

Exhibit

Backup Job: prod_db_2024-01-15
Status: FAILED
Reason: Checksum mismatch for file user_data.bak
Expected: a1b2c3d4e5f6
Actual: 1a2b3c4d5e6f
Question 67hardmultiple choice
Study the full ACL explanation →

Refer to the exhibit. What is the effect of this ACL?

Exhibit

access-list 100 permit tcp host 10.0.1.0 0.0.0.255 host 192.168.2.100 eq 443
access-list 100 deny tcp any any eq 443
access-list 100 permit ip any any
Question 68easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company's primary data center is located in a region prone to hurricanes. The IT team is designing a disaster recovery plan to ensure critical applications resume within 4 hours of a declared disaster. Which of the following is the MOST appropriate recovery strategy?

Question 69mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Refer to the exhibit. A security analyst observes repeated outbound connection attempts from an internal server to external IP addresses on a non-standard port. What is the MOST likely interpretation?

Exhibit

[2025-03-05 14:32:18] BLOCK: src=10.0.2.100 dst=203.0.113.50 port=4444 proto=TCP rule=IDS_Alert_Signature
[2025-03-05 14:32:19] BLOCK: src=10.0.2.100 dst=203.0.113.51 port=4444 proto=TCP
[2025-03-05 14:32:20] BLOCK: src=10.0.2.100 dst=203.0.113.52 port=4444 proto=TCP
Question 70hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company's business continuity plan requires a maximum tolerable downtime of 2 hours for the ERP system. The current backup process takes 3 hours to restore. Which of the following is the BEST corrective action?

Question 71easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

During an incident, the incident response team discovers that an attacker has exfiltrated sensitive customer data. According to incident response best practices, whose approval is REQUIRED before contacting law enforcement?

Question 72mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A company is developing a disaster recovery plan for its database server. The database is updated transactionally and cannot tolerate any data loss. Which backup strategy meets this requirement?

Question 73hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

An organization's incident response plan specifies containment, eradication, and recovery phases. During containment, the team isolates a compromised server from the network. However, the server is a domain controller. What is the PRIMARY risk of this action?

Question 74easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Which metric is used to define the maximum amount of data loss an organization can tolerate during a disaster?

Question 75mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A small business with limited budget wants to ensure critical business functions can resume within 24 hours of a disaster. Their data changes infrequently. Which recovery solution is MOST cost-effective?

Question 76mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are essential elements of a business impact analysis (BIA)?

Question 77hardmulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which TWO are appropriate methods to test a disaster recovery plan?

Question 78easymulti select
Read the full Business Continuity, DR & Incident Response explanation →

Which THREE are phases of the incident response process according to NIST SP 800-61?

Question 79hardmultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

Your organization runs a critical e-commerce platform on a private cloud. The database server is located in a data center in a seismic zone. The current DR plan uses a warm site with daily differential backups and a 12-hour RTO. A recent earthquake caused a power outage but no physical damage. The database corruption was discovered after 6 hours. The backups from last night are intact but restoring involves applying transaction logs. The RTO is now at risk. What should be done FIRST?

Question 80mediummultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A healthcare organization experiences a ransomware attack that encrypts all files on file servers and workstations. The incident response team has isolated the infected systems. The backup policy includes daily incremental backups and weekly full backups stored on a separate network segment. The most recent full backup is 5 days old. The incremental backups from the past 4 days are available but are stored on the same backup server that might be compromised. To restore data with minimal loss, what should the team do?

Question 81easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

A small manufacturing company's IT infrastructure consists of a single server running ERP and file services, with a nightly backup to an external hard drive. The server fails due to hardware failure. The company's BCP states that the ERP system must be restored within 8 hours. The backup is 12 hours old. The IT administrator has a spare server of similar configuration. What is the BEST course of action?

Question 82mediummultiple choice
Read the full NAT/PAT explanation →

An online retailer has a DR plan that includes active-active data centers. During a major DDoS attack, one data center's external connectivity is saturated. The internal network is operational. The security team has identified the attack traffic pattern and is working with the ISP to filter. To maintain service availability, what action should be taken?

Question 83mediummulti select
Read the full Business Continuity, DR & Incident Response explanation →

A company is developing a business continuity plan (BCP). Which TWO of the following are essential components that must be included in a BCP?

Question 84easymultiple choice
Read the full Business Continuity, DR & Incident Response explanation →

You are the cybersecurity lead for a mid-sized retail company. One morning, employees report that they cannot access files on the shared drive, and a ransom note appears on several screens demanding $50,000 in Bitcoin. The company has a formal incident response plan that was last updated two years ago and has never been tested. Backups are taken nightly to an on-premises tape library and also replicated to a cloud storage service but have not been verified recently. The CEO is insisting on paying the ransom to avoid business disruption. Which of the following is the MOST appropriate first course of action?

Question 85hardmultiple choice
Read the full NAT/PAT explanation →

A multinational financial services organization operates three data centers in different geographic regions. Each data center runs a mix of critical and non-critical applications. The DR plan specifies Recovery Time Objectives (RTOs) ranging from 4 hours for critical applications to 72 hours for non-critical. During a scheduled DR test, the team attempts to fail over the primary customer database to the secondary site. The failover fails because the replication link between sites was saturated due to a large data synchronization job running concurrently. The test is declared a failure, and senior management is concerned about the DR plan's reliability. The IT director suggests increasing bandwidth between sites. The security architect proposes implementing network prioritization for replication traffic. The business continuity manager recommends revising the RTOs to be more realistic based on current bandwidth. The system administrator thinks the issue will resolve if the test is repeated during off-peak hours. Which of the following is the BEST course of action to address the root cause of the failure?

Practice tests

Scored 10-question sessions with instant feedback and explanations.

ISC2 CC Practice Test 1 — 10 Questions→ISC2 CC Practice Test 2 — 10 Questions→ISC2 CC Practice Test 3 — 10 Questions→ISC2 CC Practice Test 4 — 10 Questions→ISC2 CC Practice Test 5 — 10 Questions→ISC2 CC Practice Exam 1 — 20 Questions→ISC2 CC Practice Exam 2 — 20 Questions→ISC2 CC Practice Exam 3 — 20 Questions→ISC2 CC Practice Exam 4 — 20 Questions→Free ISC2 CC Practice Test 1 — 30 Questions→Free ISC2 CC Practice Test 2 — 30 Questions→Free ISC2 CC Practice Test 3 — 30 Questions→ISC2 CC Practice Questions 1 — 50 Questions→ISC2 CC Practice Questions 2 — 50 Questions→ISC2 CC Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Access Controls ConceptsBusiness Continuity, DR & Incident ResponseSecurity PrinciplesNetwork SecuritySecurity Operations

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Business Continuity, DR & Incident Response setsAll Business Continuity, DR & Incident Response questionsISC2 CC Practice Hub