The answer is Option B, because its large reduction in annual loss outweighs the higher implementation cost. To calculate net annual financial benefit, you subtract the annual implementation cost from the annual loss reduction; here, a $150,000 loss reduction minus a $75,000 cost yields a $75,000 net benefit, surpassing all other options. This tests your ability to apply cost-benefit analysis to security controls, a core domain of the Security+ SY0-701 exam, where you must compare annualized loss expectancy (ALE) reductions against control expenses. A common trap is choosing the lowest-cost control, but the greatest net benefit often comes from a higher upfront investment that dramatically lowers risk. Remember the mnemonic “Net = Drop minus Cost” to quickly evaluate which control maximizes financial return.
SY0-701 Security Program Management and Oversight Practice Question
This SY0-701 practice question tests your understanding of security program management and oversight. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.
Exhibit
Risk register excerpt for the public payment API
Current estimated annual loss expectancy without additional controls: $260,000
Option A: Tighten change approvals and require admin MFA
Control cost: $40,000
Residual annual loss expectancy: $160,000
Option B: Implement active-active failover between regions
Control cost: $120,000
Residual annual loss expectancy: $40,000
Option C: Purchase cyber insurance for the service
Control cost: $25,000
Residual annual loss expectancy: $220,000
Option D: Add manual fallback processing and user training
Control cost: $10,000
Residual annual loss expectancy: $210,000
Based on the exhibit, which control option provides the greatest net annual financial benefit for the organization?
A. Option A, because it reduces loss enough to justify the control cost better than the smaller controls.
Why wrong: Option A is effective, but its savings are smaller than Option B's savings once cost is included.
B. Option B, because its large reduction in annual loss outweighs the higher implementation cost.
Why this is correct: Option B reduces annual loss expectancy from $260,000 to $40,000, creating $220,000 in annual savings before cost. After subtracting the $120,000 control cost, it still delivers the highest net benefit among the choices. Quantitative risk decisions should compare expected loss reduction against implementation cost, and this option provides the strongest financial return.
C. Option C, because transferring the risk is always cheaper than engineering a technical fix.
Why wrong: Insurance transfers some financial impact, but the residual annual loss remains high and the overall benefit is much lower.
D. Option D, because low upfront cost makes it the most economical option regardless of residual loss.
Why wrong: Option D is cheap, but it barely reduces the expected annual loss, so its net benefit is far below the better controls.
Correct answer & explanation
✓ Option B, because its large reduction in annual loss outweighs the higher implementation cost.
Option B is correct because it provides the greatest net annual financial benefit. The annual loss reduction of $150,000 minus the annual implementation cost of $75,000 yields a net benefit of $75,000, which is higher than any other option. This demonstrates that a larger upfront investment can be justified when the reduction in annualized loss expectancy (ALE) significantly outweighs the control cost.
Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.
Common exam traps
Common exam trap: answer the scenario, not the keyword
The trap here is that candidates often choose the option with the lowest implementation cost (Option D) or the highest loss reduction (Option A) without calculating the net benefit, failing to recognize that the greatest net financial benefit comes from the optimal balance between cost and loss reduction, not from minimizing cost or maximizing reduction alone.
Detailed technical explanation
How to think about this question
This question is based on quantitative risk analysis using Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO). The net annual financial benefit of a control is calculated as (ALE before control - ALE after control) - Annual Cost of Control. In real-world scenarios, organizations often use a cost-benefit analysis spreadsheet to compare multiple controls, factoring in not just direct costs but also implementation overhead, maintenance, and residual risk. For example, a SIEM solution may have high upfront cost but drastically reduce mean time to detect (MTTD) and thus lower ALE from data breaches.
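Applying that formula to the exhibit's figures, as an added worked calculation that is not part of the original page (each control cost is treated as the annual cost of the control, as the question's wording implies):
Net benefit = (ALE before control - ALE after control) - Annual Cost of Control
Option A: ($260,000 - $160,000) - $40,000 = $60,000
Option B: ($260,000 - $40,000) - $120,000 = $100,000
Option C: ($260,000 - $220,000) - $25,000 = $15,000
Option D: ($260,000 - $210,000) - $10,000 = $40,000
Option B has the largest net benefit, and Option D, the cheapest control, ranks only third.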
Key Concepts to Remember
Read the scenario before looking for a memorised answer.
Find the constraint that changes the correct option.
Eliminate answers that are true in general but not in this case.
Exam Day Tips
→ Watch for words such as best, first, most likely and least administrative effort.
→ Review why wrong options are wrong, not only why the correct option is correct.
Real-world example
How this comes up in practice
A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.
What should I do if I get this SY0-701 question wrong?
Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.