CompTIA

CAS-002 · Question #844

CAS-002 Question #844: Real Exam Question with Answer & Explanation

The correct answer is A: -$30,000. The 3-year ROI is -$30,000 because the $150,000 in incident savings is outweighed by the $180,000 total SIEM subscription cost.

Question

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM solution will be justified by having reduced the number of incidents and therefore saving on the amount spent investigating incidents.

Proposal:

  • External cloud-based software as a service subscription costing $5,000 per month.
  • Expected to reduce the number of current incidents per annum by 50%.

The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years?

Options

  • A. -$30,000
  • B. $120,000
  • C. $150,000
  • D. $180,000

Explanation

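The 3-year ROI is -$30,000 because the $150,000 in incident savings is outweighed by the $180,000 total SIEM subscription cost. Savings: a 50% reduction of ten incidents avoids five incidents per year, and 5 × $10,000 × 3 years = $150,000. Cost: $5,000 × 36 months = $180,000. Net: $150,000 - $180,000 = -$30,000.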

Common mistakes.

  • B. $120,000 does not correspond to any valid combination of the given cost and savings figures.
  • C. $150,000 represents only the gross savings from incident reduction over three years without subtracting the total cost of the SIEM subscription.
  • D. $180,000 is the total 3-year subscription cost of the SIEM solution, not the net ROI.

Concept tested. Security investment ROI and cost-benefit calculation

Reference. https://csrc.nist.gov/publications/detail/sp/800-55/rev-1/final
