CompTIA CASP+ (CAS-003) — Question 89

A legacy web application, which is being used by a hospital, cannot be upgraded for 12 months. A new vulnerability is found in the legacy application, and the networking team is tasked with mitigation. Middleware for mitigation will cost $100,000 per year. Which of the following must be calculated to determine ROI?
(Choose two.)

Answer options

• A. ALE
• B. RTO
• C. MTBF
• D. ARO
• E. RPO

Correct answer: A, D

Explanation

To calculate ROI, you need to determine the Annual Loss Expectancy (ALE), which estimates potential losses from the vulnerability over a year, and the Annual Rate of Occurrence (ARO), which assesses how often the threat is expected to occur. RTO, MTBF, and RPO are not directly related to ROI calculations for this scenario.