CAS-003 Question #793: Real Exam Question with Answer & Explanation

The correct answer is C: Filter GHI. This question requires applying the risk-based budgeting concept where the maximum justifiable spend on a control equals the risk reduction it provides (i.e., the Annualized Loss Expectancy it mitigates minus the cost of the control). The referenced table, though not reproduced i

Question

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business?

Exhibit

Options

AFilter ABC
BFilter XYZ
CFilter GHI
DFilter TUV

Explanation

This question requires applying the risk-based budgeting concept where the maximum justifiable spend on a control equals the risk reduction it provides (i.e., the Annualized Loss Expectancy it mitigates minus the cost of the control). The referenced table, though not reproduced in the question text, presents each filter's cost against the financial risk it mitigates. Filter GHI represents the option whose implementation cost falls within the calculated maximum budget - meaning the reduction in expected losses equals or exceeds the cost of the filter, making it financially justifiable. Filters that cost more than the ALE they prevent (such as ABC, XYZ, or TUV in this scenario) cannot be justified solely on a cost-benefit basis.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice