CompTIA
CAS-002 Question #752: Real Exam Question with Answer & Explanation
The correct answer is A: $60,000.
Question
A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company's online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation?
Options
- A. $60,000
- B. $100,000
- C. $140,000
- D. $200,000
Explanation
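This question requires calculating net monetary value by comparing the reduction in Annual Loss Expectancy (ALE) against the cost of the countermeasure. ALE is the Annualized Rate of Occurrence (ARO) multiplied by the Single Loss Expectancy (SLE): before the countermeasure it is 5 × $40,000 = $200,000, and after it is 1 × $40,000 = $40,000. The ALE reduction is therefore $160,000, and subtracting the $100,000 countermeasure cost leaves net savings of $60,000.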
Common mistakes.
- B. $100,000 represents only the cost of the countermeasure itself, not the net monetary value earned after accounting for loss reduction.
- C. $140,000 does not correspond to any correct step in the ALE-based quantitative risk formula and conflates multiple values incorrectly.
- D. $200,000 is the original ALE before any countermeasures were applied, not the value earned from implementing them.
Concept tested. Quantitative risk analysis - ALE, ARO, countermeasure value calculation
Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final