Question 481 of 500
Business Continuity, DR & Incident ResponsehardMultiple SelectObjective-mapped

Quick Answer

The answer is that a cold site has no hardware or infrastructure installed, while a hot site is fully equipped and operational. This difference stems from the core purpose of each: a hot site is a mirrored, active environment with real-time data synchronization, pre-installed hardware, and live network connectivity, enabling near-instant recovery, whereas a cold site is a bare facility requiring manual setup and provisioning before any recovery can begin. On the ISC2 Certified in Cybersecurity CC exam, this distinction tests your understanding of Recovery Time Objectives (RTO) and cost trade-offs in disaster recovery planning. A common trap is assuming a cold site is simply a cheaper version of a hot site, but the key is that a cold site lacks all active infrastructure, not just some. To remember it, think “Hot is ready to go, Cold is a frozen shell.”

ISC2 CC Business Continuity, DR & Incident Response Practice Question

This CC practice question tests your understanding of business continuity, dr & incident response. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Which THREE are differences between a hot site and a cold site? (Select three.)

Question 1hardmulti select
Full question →

Answer choices

Why each option matters

Answer the question above first, then reveal the full breakdown to understand why each option is right or wrong.

Correct answer & explanation

Hot site is more expensive to maintain

A hot site is a fully operational, mirrored environment with real-time data synchronization, pre-installed hardware, and active network connectivity, making it significantly more expensive to maintain due to ongoing costs for power, cooling, bandwidth, and dedicated staff. In contrast, a cold site is a bare facility with no active infrastructure, requiring manual setup and provisioning before recovery can begin. The higher cost of a hot site is justified by its near-zero Recovery Time Objective (RTO), whereas a cold site's lower cost reflects its much longer RTO.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Hot site is more expensive to maintain

    Why this is correct

    Hot sites require constant replication and active hardware, increasing costs.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Cold site has pre-installed software and applications

    Why it's wrong here

    Cold sites have no pre-installed software; that would be warm or hot.

  • Hot site has real-time data synchronization

    Why this is correct

    Hot sites use synchronous replication for zero data loss.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Both have the same recovery time objective (RTO)

    Why it's wrong here

    Hot sites have much shorter RTOs than cold sites.

  • Cold site has no hardware or infrastructure installed

    Why this is correct

    Cold sites are empty spaces; hardware must be brought in.

    Related concept

    Read the scenario before looking for a memorised answer.

Common exam traps

Common exam trap: answer the scenario, not the keyword

ISC2 often tests the misconception that a cold site has some pre-installed infrastructure or software, when in fact it is a completely empty facility with only power and cooling, and that RTO is identical across site types, whereas RTO is a key differentiator between hot, warm, and cold sites.

Detailed technical explanation

How to think about this question

Hot sites often use synchronous replication (e.g., via Fibre Channel or iSCSI with synchronous mirroring) to maintain zero data loss (RPO=0), requiring low-latency dedicated links between primary and secondary sites. Cold sites rely on manual restoration from offsite backups (e.g., tape or cloud snapshots), which introduces significant data loss (RPO of hours or days) and requires full OS and application installation, configuration, and data restoration before services can resume. In real-world scenarios, organizations may choose a warm site as a compromise, with pre-installed hardware but no real-time data sync, balancing cost and RTO.

KKey Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

TExam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

Related practice questions

Related CC practice-question pages

Use these pages to review the topic behind this question. This is how one missed question becomes focused revision.

Practice this exam

Start a free CC practice session

Short sessions build daily habit. Longer sessions build exam-day stamina. Try a timed session to simulate real conditions.

FAQ

Questions learners often ask

What does this CC question test?

Business Continuity, DR & Incident Response — This question tests Business Continuity, DR & Incident Response — Read the scenario before looking for a memorised answer..

What is the correct answer to this question?

The correct answer is: Hot site is more expensive to maintain — A hot site is a fully operational, mirrored environment with real-time data synchronization, pre-installed hardware, and active network connectivity, making it significantly more expensive to maintain due to ongoing costs for power, cooling, bandwidth, and dedicated staff. In contrast, a cold site is a bare facility with no active infrastructure, requiring manual setup and provisioning before recovery can begin. The higher cost of a hot site is justified by its near-zero Recovery Time Objective (RTO), whereas a cold site's lower cost reflects its much longer RTO.

What should I do if I get this CC question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content. Learn why practice questions differ from exam dumps →

How Courseiva writes practice questions · Editorial policy

Same concept, more angles

4 more ways this is tested on CC

These questions test the same concept from different angles. Work through them to make sure you can recognise it however the exam phrases it.

Variation 1. Which is a key benefit of a cold site as a recovery location?

medium
  • A.Real-time data synchronization
  • B.Low cost
  • C.Reduced need for testing
  • D.Fast recovery time

Why B: A cold site is a backup facility that provides only the physical infrastructure (power, cooling, and space) but no pre-installed hardware or live data. Because it lacks equipment and requires manual setup before recovery can begin, it has the lowest capital and operational costs among recovery site options, making low cost its key benefit.

Variation 2. Which statement best describes a warm site in disaster recovery?

hard
  • A.It has replicated data but no active systems
  • B.It is fully operational with real-time data synchronization
  • C.It has hardware and network equipment but requires data restoration from backups
  • D.It has no hardware or infrastructure installed

Why C: A warm site is a middle-ground disaster recovery option that has hardware and network infrastructure pre-installed but does not have live, synchronized data. Instead, data must be restored from backups (e.g., tape or disk snapshots) before operations can resume. This contrasts with a hot site, which maintains real-time data replication and fully active systems.

Variation 3. A small business with limited budget wants to ensure critical business functions can resume within 24 hours of a disaster. Their data changes infrequently. Which recovery solution is MOST cost-effective?

medium
  • A.Warm site with daily backups
  • B.Cloud backup with instant restore
  • C.Cold site with monthly backups
  • D.Hot site with real-time replication

Why B: Cloud backup with instant restore (Option B) is the most cost-effective solution because the business has a limited budget, data changes infrequently, and the RTO is 24 hours. Cloud backup eliminates the need for maintaining physical infrastructure, and instant restore from cloud snapshots can meet the 24-hour RTO without the high costs of a warm or hot site.

Variation 4. A primary data center is destroyed. The disaster recovery plan calls for activation of a hot standby site. If the RTO is 2 hours, what is the expected recovery time?

medium
  • A.Exactly 2 hours
  • B.More than 2 hours
  • C.Unknown, depends on the disaster
  • D.Less than 2 hours

Why D: The RTO (Recovery Time Objective) defines the maximum acceptable downtime, not the guaranteed recovery time. A hot standby site is fully operational and synchronized, so recovery can be completed in less than the RTO if the disaster does not cause additional complications. Option D is correct because the expected recovery time should be less than the 2-hour RTO, assuming the hot site functions as designed.

Keep practising

More CC practice questions

Last reviewed: Jun 30, 2026

Question Discussion

Share a tip, memory trick, or ask about the reasoning behind this question. Do not post real exam questions, leaked content, braindumps, or copyrighted exam material. Comments are moderated and may be removed without notice.

Loading comments…

Sign in to join the discussion.

This CC practice question is part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the CC exam.