Correct Answer: D
The minimum standard for testing a disaster recovery plan (DRP) is to test it as often as necessary depending on the stability of the environment and the business requirements. A DRP is a document that outlines the procedures and steps to restore the critical functions and operations of an organization in the event of a disaster or disruption. A DRP should be tested regularly to ensure its effectiveness, validity, and alignment with the current environment and business needs. The frequency of testing may vary depending on the changes in the environment, such as new technologies, threats, regulations, or processes, and the business requirements, such as recovery objectives, service levels, or risk appetite. Testing a DRP semi-annually, annually, or quarterly may not be sufficient or appropriate for some organizations, as it may not reflect the current state of the environment or the business. Testing a DRP based on the audit department requirements may not be optimal or realistic, as it may not consider the operational or technical aspects of the DRP. References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 19: Security Operations, page 1869.