Choice "A" is correct. The first step in preparing a disaster recovery plan is to determine the responsibilities of the various participants in the plan. Prior to that first step, a determination is made of the kind and extent of recovery that is needed. Once that decision is made, the people responsible for the recovery can be determined (and those people will normally prepare the plan itself). Like with any other plan, an unclear designation of responsibilities will normally lead to a lousy plan, and a lousy plan will lead to a lousy recovery. All plans need to be tested.
Choice "d" is incorrect. The information security architecture has nothing to do with a disaster recovery plan. Bulletproofing the architecture might be something that is needed (although it is normally not the "architecture" that is bulletproofed), but not as part of a disaster recovery plan.
Choice "b" is incorrect. A hot site may or may not be in the disaster recovery plan, depending on what kind of recovery is needed. Recovery is much faster at a hot site than at a cold site, and "fast" recovery is often needed. With a hot site, hardware is sitting "on the floor" waiting to be configured and used. A hot site normally costs more than a cold site.
Choice "c" is incorrect. A cold site may or may not be in the disaster recovery plan, depending on what kind of recovery is needed. Recovery is much slower at a cold site than at a hot site because hardware must be ordered, delivered, received, and configured.
