CompTIA Security+ (SY0-501) — Question 369

A Chief Information Officer (CIO) asks the company's security specialist if the company should spend any funds on malware protection for a specific server. Based on a risk assessment, the ARO value of a malware infection for a server is 5 and the annual cost for the malware protection is $2500.
Which of the following SLE values warrants a recommendation against purchasing the malware protection?

Answer options

• A. $500
• B. $1000
• C. $2000
• D. $2500

Correct answer: A

Explanation

The correct answer is A, as the SLE (Single Loss Expectancy) must be less than the cost of the malware protection to justify not purchasing it. In this case, with an ARO of 5, the SLE would be $2500 (5 x $500), making $500 the only value that is lower than the $2500 cost of protection, thus warranting a recommendation against buying it. The other options ($1000, $2000, and $2500) all exceed the cost of protection, which would make purchasing it advisable.