The correct answer is C — Determine business processes and recovery criticality, identify resource requirements, and identify recovery priorities for system resources.
According to WGU Cybersecurity Architecture and Engineering (KFO1 / D488), a BIA identifies critical business functions, determines the impact of disruptions, and establishes recovery priorities, including resource needs.
A (monitoring) relates to incident response. B (developing BCP) is after BIA. D (recovery strategies) is part of disaster recovery planning after BIA findings.
Reference Extract from Study Guide:
"Business impact analysis (BIA) involves determining critical business processes, evaluating their recovery requirements, and prioritizing system recovery efforts."
— WGU Cybersecurity Architecture and Engineering (KFO1 / D488), Business Impact Analysis Procedures
=============================================
Submit