(ISC)2 Certified in Cybersecurity Practice Exam

What does Recovery Point Objective (RPO) refer to?

• A. The total restoration cost
• B. The amount of data to recover
• C. The time taken to restore service
• D. The frequency of backups

The correct answer is: The amount of data to recover

Recovery Point Objective (RPO) is a critical concept within disaster recovery and data protection strategies. It refers specifically to the maximum acceptable amount of data loss measured in time. In practical terms, it indicates the point in time to which data must be restored after an incident, such as a system failure or a cyber attack. When an organization defines its RPO, it determines how frequently data backups should occur to ensure that the potential loss of data remains within acceptable limits. For instance, if an RPO of one hour is established, it means the organization is willing to lose up to one hour's worth of data. Therefore, the amount of data to recover directly corresponds to the time frame set by the RPO. While the other options presented are relevant to disaster recovery and data management, they do not accurately define RPO. The total restoration cost pertains to the financial implications of recovery efforts. The time taken to restore service is better described by Recovery Time Objective (RTO), which focuses on how quickly services must be restored after an incident. The frequency of backups is an operational measure but does not encapsulate the definition of RPO in terms of acceptable data loss. Instead, it is a strategy used to achieve the objectives set forth by the R