CompTIA CASP+ (CAS-004) — Question 92

A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.
Which of the following should the engineer report as the ARO for successful breaches?

Answer options

• A. 0.5
• B. 8
• C. 50
• D. 36,500

Correct answer: A

Explanation

The ARO is calculated by taking the total number of successful breaches over a specific time period and dividing it by that time period in years. In this case, with 2 breaches over 4 years, the ARO is 2 breaches / 4 years = 0.5. The other options incorrectly calculate the frequency of breaches based on different assumptions or time frames.