Which of the following is the first step that should be perf - CompTIA CySA+ CSO-003

Correct Answer: A. Agree on the goals and objectives of the plan

Establishing the goals and objectives of the disaster recovery plan is the essential first step. Before diving into specifics like determining a recovery site or identifying which applications need to be prioritized, you need to have a clear understanding of what the organization aims to achieve with the plan. This could include recovery time objectives (RTO), recovery point objectives (RPO), and identifying critical business functions that must be restored first.

Setting goals ensures that the disaster recovery plan is aligned with business priorities and that all subsequent decisions (e.g., which sites or applications to prioritize) are made in the context of the organization’s objectives.

Determine the site to be used during a disaster

While selecting a disaster recovery site is important, it is a later step in the process. Determining the site or alternate location to recover to is a decision that should be made after understanding the objectives, including how quickly systems need to be restored and the most critical assets that must be protected. The choice of recovery site depends on the goals and objectives of the plan, so it should not be the first action to take.

Demonstrate adherence to a standard disaster recovery process

Adherence to a standard process is important for ensuring the plan is comprehensive and follows best practices. However, demonstrating adherence is a later stage that comes after the goals, objectives, and resources have been defined. It's not the first thing to be done because the plan needs to be tailored to the organization’s specific needs and risks before it can be implemented and tested for compliance.

Identify applications to be run during a disaster

While identifying the critical applications that need to be prioritized is important, this is part of the planning process that follows the establishment of goals and objectives. Before deciding which applications need to be restored first, you must first determine the overall goals (e.g., business continuity, data protection, etc.). Identifying critical applications and systems comes later, once the plan’s objectives are clearly defined.