CompTIA
CAS-002 · Question #786
CAS-002 Question #786: Real Exam Question with Answer & Explanation
The correct answer is B: Second quote.
Question
A company with 2000 workstations is considering purchasing a HIPS to minimize the impact of a system compromise from malware. Currently, the company projects a total cost of $50,000 for the next three years responding to and eradicating workstation malware. The Information Security Officer (ISO) has received three quotes from different companies that provide HIPS.
- The first quote requires a $10,000 one-time fee, annual cost of $6 per workstation, and a 10% annual support fee based on the number of workstations.
- The second quote requires a $15,000 one-time fee, an annual cost of $5 per workstation, and a 12% annual fee based on the number of workstations.
- The third quote has no one-time fee, an annual cost of $8 per workstation, and a 15% annual fee based on the number of workstations.
Which solution should the company select if the contract is only valid for three years?
Options
- A. First quote
- B. Second quote
- C. Third quote
- D. Accept the risk
Explanation
Calculating the 3-year total cost of ownership for each quote shows the second quote is cheapest at $48,600 ($15,000 + $11,200 x 3), which is below both the $50,000 projected remediation cost and the totals for the other two quotes.
Common mistakes.
- A. The first quote totals $49,600 over three years ($10,000 + $13,200 x 3), which is $1,000 more than the second quote, making it a less cost-effective choice.
- C. The third quote totals $55,200 over three years ($18,400 x 3 with no one-time fee), exceeding both the current $50,000 remediation spend and the other two vendor quotes.
- D. Accepting the risk means continuing to spend the projected $50,000 over three years on malware remediation, which is $1,400 more expensive than purchasing the second quote's HIPS solution.
Concept tested. Security investment TCO and cost-benefit analysis
Reference. https://csrc.nist.gov/publications/detail/sp/800-55/rev-2/final