Which of the following should the engineer report as the ARO for successful breaches?
A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.
Which of the following should the engineer report as the ARO for successful breaches?
A . 0.5
B . 8
C . 50
D . 36,500
Answer: A
Explanation:
Reference: https://blog.netwrix.com/2020/07/24/annual-loss-expectancy-and-quantitative-risk-analysis/
The ARO (annualized rate of occurrence) for successful breaches is the number of times an event is expected to occur in a year. To calculate the ARO for successful breaches, the engineer can divide the number of breaches by the number of years. In this case, the company’s data has been breached two times in four years, so the ARO is 2 / 4 = 0.5. The other options are incorrect calculations.
Verified Reference:
https://www.comptia.org/blog/what-is-risk-management
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
Latest CAS-004 Dumps Valid Version with 128 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund