Which type of disaster recovery plan (DRP) testing carries the MOST operational risk?
Correct Answer: A
The type of disaster recovery plan (DRP) testing that carries the most operational risk is cutover. DRP testing is the process of verifying and validating the effectiveness and readiness of the DRP, which is a plan that defines the procedures and resources for restoring the critical business functions and systems after a disaster or an outage. DRP testing can be performed using different methods, such as:
* Cutover: This method involves switching the entire production environment to the backup or recovery site, and testing the functionality and performance of the systems and processes at the recovery site. This method provides the most realistic and comprehensive test of the DRP, but it also carries the most operational risk, as it may disrupt the normal business operations, cause data loss or inconsistency, or introduce errors or failures in the systems or processes.
* Walkthrough: This method involves reviewing and discussing the DRP with the relevant stakeholders, such as the management, the staff, or the vendors, and identifying any gaps, issues, or improvements in the plan. This method provides the least realistic and comprehensive test of the DRP, but it also carries the least operational risk, as it does not involve any actual execution or switching of the systems or processes.
* Tabletop: This method involves simulating a disaster scenario and testing the DRP with a selected group of participants, such as the DRP team, the business owners, or the auditors, and evaluating the roles, responsibilities, and actions of the participants. This method provides a moderate level of realism and comprehensiveness in testing the DRP, but it also carries a moderate level of operational risk, as it may require some preparation, coordination, or documentation of the simulation and the results.
* Parallel: This method involves running the systems and processes at both the production and the recovery sites simultaneously, and comparing the outputs and outcomes of the sites. This method provides a high level of realism and comprehensiveness in testing the DRP, but it also carries a high level of operational risk, as it may consume more resources, cause data synchronization or duplication issues, or create conflicts or confusion between the sites.
References: CISSP All-in-One Exam Guide, Eighth Edition, Chapter 8: Security Operations, page
1024. Official (ISC)2 CISSP CBK Reference, Fifth Edition, Chapter 7: Security Operations, page 1030.