A company's backups complete successfully every night, but the servers have never been restored from those backups. An auditor instructs the systems administrator to implement regular testing intervals to validate recoverability without placing an excessive burden on staff or hardware. Which practice BEST meets this requirement?
Review the backup application logs every morning; if no errors are reported, assume the restore process will also succeed.
Document a schedule to restore each critical workload at least monthly or quarterly and repeat the test after any significant system or data change.
Perform a full restore of every backup job immediately after it completes to a dedicated sandbox environment.
Once per year, decrypt a randomly selected backup set to confirm the tape drive operates, then return the media to off-site storage.
Industry guidance recommends running restore tests on a predictable schedule (weekly, monthly or quarterly) that reflects the criticality and change rate of each workload, and repeating the test whenever major system or data changes occur. This approach proves that data can be recovered while keeping the number of tests-and therefore the administrative overhead-manageable.
Answer 1 follows that guidance, so it is correct.
Answer 2 waits an entire year and only decrypts media, which does not confirm that systems or applications can be started from the backup.
Answer 3 relies solely on backup logs; log success does not guarantee a usable restore because media corruption, application-level inconsistencies, or configuration drift can still prevent recovery.
Answer 4 performs a full restore after every backup. Although this would provide strong assurance, it is usually impractical for most organizations because of the time, storage, and compute resources required for daily full-scale restores.
Therefore, scheduling periodic restore drills that are more frequent for critical or recently changed systems is the most appropriate strategy.