- A
Hot site is more expensive to maintain
Hot sites require constant replication and active hardware, increasing costs.
- B
Cold site has pre-installed software and applications
Why wrong: Cold sites have no pre-installed software; that would be warm or hot.
- C
Hot site has real-time data synchronization
Hot sites use synchronous replication for zero data loss.
- D
Both have the same recovery time objective (RTO)
Why wrong: Hot sites have much shorter RTOs than cold sites.
- E
Cold site has no hardware or infrastructure installed
Cold sites are empty spaces; hardware must be brought in.
Quick Answer
The answer is that a cold site has no hardware or infrastructure installed, while a hot site is fully equipped and operational. This difference stems from the core purpose of each: a hot site is a mirrored, active environment with real-time data synchronization, pre-installed hardware, and live network connectivity, enabling near-instant recovery, whereas a cold site is a bare facility requiring manual setup and provisioning before any recovery can begin. On the ISC2 Certified in Cybersecurity CC exam, this distinction tests your understanding of Recovery Time Objectives (RTO) and cost trade-offs in disaster recovery planning. A common trap is assuming a cold site is simply a cheaper version of a hot site, but the key is that a cold site lacks all active infrastructure, not just some. To remember it, think “Hot is ready to go, Cold is a frozen shell.”
ISC2 CC Business Continuity, DR & Incident Response Practice Question
This CC practice question tests your understanding of business continuity, dr & incident response. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Which THREE are differences between a hot site and a cold site? (Select three.)
Answer choices
Why each option matters
Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.
Correct answer & explanation
Hot site is more expensive to maintain
A hot site is a fully operational, mirrored environment with real-time data synchronization, pre-installed hardware, and active network connectivity, making it significantly more expensive to maintain due to ongoing costs for power, cooling, bandwidth, and dedicated staff. In contrast, a cold site is a bare facility with no active infrastructure, requiring manual setup and provisioning before recovery can begin. The higher cost of a hot site is justified by its near-zero Recovery Time Objective (RTO), whereas a cold site's lower cost reflects its much longer RTO.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Answer analysis
Option-by-option breakdown
For each option: why learners choose it and why it is or isn't the right answer here.
- ✓
Hot site is more expensive to maintain
Why this is correct
Hot sites require constant replication and active hardware, increasing costs.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Cold site has pre-installed software and applications
Why it's wrong here
Cold sites have no pre-installed software; that would be warm or hot.
- ✓
Hot site has real-time data synchronization
Why this is correct
Hot sites use synchronous replication for zero data loss.
Related concept
Read the scenario before looking for a memorised answer.
- ✗
Both have the same recovery time objective (RTO)
Why it's wrong here
Hot sites have much shorter RTOs than cold sites.
- ✓
Cold site has no hardware or infrastructure installed
Why this is correct
Cold sites are empty spaces; hardware must be brought in.
Related concept
Read the scenario before looking for a memorised answer.
Common exam traps
Common exam trap: answer the scenario, not the keyword
ISC2 often tests the misconception that a cold site has some pre-installed infrastructure or software, when in fact it is a completely empty facility with only power and cooling, and that RTO is identical across site types, whereas RTO is a key differentiator between hot, warm, and cold sites.
Detailed technical explanation
How to think about this question
Hot sites often use synchronous replication (e.g., via Fibre Channel or iSCSI with synchronous mirroring) to maintain zero data loss (RPO=0), requiring low-latency dedicated links between primary and secondary sites. Cold sites rely on manual restoration from offsite backups (e.g., tape or cloud snapshots), which introduces significant data loss (RPO of hours or days) and requires full OS and application installation, configuration, and data restoration before services can resume. In real-world scenarios, organizations may choose a warm site as a compromise, with pre-installed hardware but no real-time data sync, balancing cost and RTO.
KKey Concepts to Remember
- Read the scenario before looking for a memorised answer.
- Find the constraint that changes the correct option.
- Eliminate answers that are true in general but not in this case.
TExam Day Tips
- Watch for words such as best, first, most likely and least administrative effort.
- Review why wrong options are wrong, not only why the correct option is correct.
Key takeaway
Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Real-world example
How this comes up in practice
A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.
What to study next
Got this wrong? Here's your next step.
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
- →
Business Continuity, DR & Incident Response — study guide chapter
Learn the concepts, then practise the questions
- →
Business Continuity, DR & Incident Response practice questions
Targeted practice on this topic area only
- →
All CC questions
500 questions across all exam domains
- →
ISC2 Certified in Cybersecurity CC study guide
Full concept coverage aligned to exam objectives
- →
CC practice test guide
How to use practice tests most effectively before exam day
Related practice questions
Related CC practice-question pages
Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.
Access Controls Concepts practice questions
Practise CC questions linked to Access Controls Concepts.
Business Continuity, DR & Incident Response practice questions
Practise CC questions linked to Business Continuity, DR & Incident Response.
Security Principles practice questions
Practise CC questions linked to Security Principles.
Network Security practice questions
Practise CC questions linked to Network Security.
Security Operations practice questions
Practise CC questions linked to Security Operations.
CC fundamentals practice questions
Practise CC questions linked to CC fundamentals.
CC scenario practice questions
Practise CC questions linked to CC scenario.
CC troubleshooting practice questions
Practise CC questions linked to CC troubleshooting.
Practice this exam
Start a free CC practice session
Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.
FAQ
Questions learners often ask
What does this CC question test?
Business Continuity, DR & Incident Response — This question tests Business Continuity, DR & Incident Response — Read the scenario before looking for a memorised answer..
What is the correct answer to this question?
The correct answer is: Hot site is more expensive to maintain — A hot site is a fully operational, mirrored environment with real-time data synchronization, pre-installed hardware, and active network connectivity, making it significantly more expensive to maintain due to ongoing costs for power, cooling, bandwidth, and dedicated staff. In contrast, a cold site is a bare facility with no active infrastructure, requiring manual setup and provisioning before recovery can begin. The higher cost of a hot site is justified by its near-zero Recovery Time Objective (RTO), whereas a cold site's lower cost reflects its much longer RTO.
What should I do if I get this CC question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.
What is the key concept behind this question?
Read the scenario before looking for a memorised answer.
About these practice questions
Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →
Same concept, more angles
4 more ways this is tested on CC
These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.
Variation 1. Which is a key benefit of a cold site as a recovery location?
medium- A.Real-time data synchronization
- ✓ B.Low cost
- C.Reduced need for testing
- D.Fast recovery time
Why B: A cold site is a backup facility that provides only the physical infrastructure (power, cooling, and space) but no pre-installed hardware or live data. Because it lacks equipment and requires manual setup before recovery can begin, it has the lowest capital and operational costs among recovery site options, making low cost its key benefit.
Variation 2. Which statement best describes a warm site in disaster recovery?
hard- A.It has replicated data but no active systems
- B.It is fully operational with real-time data synchronization
- ✓ C.It has hardware and network equipment but requires data restoration from backups
- D.It has no hardware or infrastructure installed
Why C: A warm site is a middle-ground disaster recovery option that has hardware and network infrastructure pre-installed but does not have live, synchronized data. Instead, data must be restored from backups (e.g., tape or disk snapshots) before operations can resume. This contrasts with a hot site, which maintains real-time data replication and fully active systems.
Variation 3. A small business with limited budget wants to ensure critical business functions can resume within 24 hours of a disaster. Their data changes infrequently. Which recovery solution is MOST cost-effective?
medium- A.Warm site with daily backups
- ✓ B.Cloud backup with instant restore
- C.Cold site with monthly backups
- D.Hot site with real-time replication
Why B: Cloud backup with instant restore (Option B) is the most cost-effective solution because the business has a limited budget, data changes infrequently, and the RTO is 24 hours. Cloud backup eliminates the need for maintaining physical infrastructure, and instant restore from cloud snapshots can meet the 24-hour RTO without the high costs of a warm or hot site.
Variation 4. A primary data center is destroyed. The disaster recovery plan calls for activation of a hot standby site. If the RTO is 2 hours, what is the expected recovery time?
medium- A.Exactly 2 hours
- B.More than 2 hours
- C.Unknown, depends on the disaster
- ✓ D.Less than 2 hours
Why D: The RTO (Recovery Time Objective) defines the maximum acceptable downtime, not the guaranteed recovery time. A hot standby site is fully operational and synchronized, so recovery can be completed in less than the RTO if the disaster does not cause additional complications. Option D is correct because the expected recovery time should be less than the 2-hour RTO, assuming the hot site functions as designed.
Last reviewed: Jun 30, 2026
This CC practice question is part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the CC exam.
Question Discussion
Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.
Sign in to join the discussion.