Security Program Management and Oversight | hard | Multiple Choice | Objective-mapped

Quick Answer

The answer is Option B, because its large reduction in annual loss outweighs the higher implementation cost. To calculate net annual financial benefit, you subtract the annual implementation cost from the annual loss reduction; here, a $150,000 loss reduction minus a $75,000 cost yields a $75,000 net benefit, surpassing all other options. This tests your ability to apply cost-benefit analysis to security controls, a core domain of the Security+ SY0-701 exam, where you must compare annualized loss expectancy (ALE) reductions against control expenses. A common trap is choosing the lowest-cost control, but the greatest net benefit often comes from a higher upfront investment that dramatically lowers risk. Remember the mnemonic “Net = Drop minus Cost” to quickly evaluate which control maximizes financial return.

SY0-701 Security Program Management and Oversight Practice Question

This SY0-701 practice question tests your understanding of security program management and oversight. Read the scenario carefully and evaluate each option against the stated constraints before committing to an answer. After answering, compare your reasoning against the explanation and wrong-answer breakdown below. Once you have made your selection, read the full explanation to reinforce the concept and understand why each distractor is designed to mislead on exam day.

Exhibit

Risk register excerpt for the public payment API
Current estimated annual loss expectancy without additional controls: $260,000

Option A: Tighten change approvals and require admin MFA
Control cost: $40,000
Residual annual loss expectancy: $160,000

Option B: Implement active-active failover between regions
Control cost: $120,000
Residual annual loss expectancy: $40,000

Option C: Purchase cyber insurance for the service
Control cost: $25,000
Residual annual loss expectancy: $220,000

Option D: Add manual fallback processing and user training
Control cost: $10,000
Residual annual loss expectancy: $210,000

Based on the exhibit, which control option provides the greatest net annual financial benefit for the organization?

Correct answer & explanation

Option B, because its large reduction in annual loss outweighs the higher implementation cost.

Option B is correct because it provides the greatest net annual financial benefit. The annual loss reduction of $150,000 minus the annual implementation cost of $75,000 yields a net benefit of $75,000, which is higher than any other option. This demonstrates that a larger upfront investment can be justified when the reduction in annualized loss expectancy (ALE) significantly outweighs the control cost.

Key principle: Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Answer analysis

Option-by-option breakdown

For each option: why learners choose it and why it is or isn't the right answer here.

  • Option A, because it reduces loss enough to justify the control cost better than the smaller controls.

    Why it's wrong here

    Option A is effective, but its savings are smaller than Option B's savings once cost is included.

  • Option B, because its large reduction in annual loss outweighs the higher implementation cost.

    Why this is correct

    Option B reduces annual loss expectancy from $260,000 to $40,000, creating $220,000 in annual savings before cost. After subtracting the $120,000 control cost, it still delivers the highest net benefit among the choices. Quantitative risk decisions should compare expected loss reduction against implementation cost, and this option provides the strongest financial return.

    Related concept

    Read the scenario before looking for a memorised answer.

  • Option C, because transferring the risk is always cheaper than engineering a technical fix.

    Why it's wrong here

    Insurance transfers some financial impact, but the residual annual loss remains high and the overall benefit is much lower.

  • Option D, because low upfront cost makes it the most economical option regardless of residual loss.

    Why it's wrong here

    Option D is cheap, but it barely reduces the expected annual loss, so its net benefit is far below the better controls.

Common exam traps

Common exam trap: answer the scenario, not the keyword

The trap here is that candidates often choose the option with the lowest implementation cost (Option D) or the highest loss reduction (Option A) without calculating the net benefit, failing to recognize that the greatest net financial benefit comes from the optimal balance between cost and loss reduction, not from minimizing cost or maximizing reduction alone.

Detailed technical explanation

How to think about this question

This question is based on quantitative risk analysis using Annualized Loss Expectancy (ALE) = Single Loss Expectancy (SLE) × Annual Rate of Occurrence (ARO). The net annual financial benefit of a control is calculated as (ALE before control - ALE after control) - Annual Cost of Control. In real-world scenarios, organizations often use a cost-benefit analysis spreadsheet to compare multiple controls, factoring in not just direct costs but also implementation overhead, maintenance, and residual risk. For example, a SIEM solution may have high upfront cost but drastically reduce mean time to detect (MTTD) and thus lower ALE from data breaches.
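The net-benefit formula above, applied to the exhibit's four options, as an added example that is not part of the original page. It assumes the exhibit's "Control cost" is the annual cost of the control; `cost_headroom` is a hypothetical helper that goes one step beyond the question to show how sensitive the ranking is to cost.

```python
import re

# Exhibit text copied from the question (embedded so the example runs offline).
EXHIBIT = """\
Current estimated annual loss expectancy without additional controls: $260,000
Option A: Tighten change approvals and require admin MFA
Control cost: $40,000
Residual annual loss expectancy: $160,000
Option B: Implement active-active failover between regions
Control cost: $120,000
Residual annual loss expectancy: $40,000
Option C: Purchase cyber insurance for the service
Control cost: $25,000
Residual annual loss expectancy: $220,000
Option D: Add manual fallback processing and user training
Control cost: $10,000
Residual annual loss expectancy: $210,000
"""

OPTION_RE = re.compile(
    r"Option (\w): .+\nControl cost: \$([\d,]+)\n"
    r"Residual annual loss expectancy: \$([\d,]+)"
)

def _usd(text):
    return int(text.replace(",", ""))

def evaluate(exhibit):
    """Return (baseline ALE, {option: (loss reduction, cost, net benefit)})."""
    baseline = _usd(re.search(r"without additional controls: \$([\d,]+)", exhibit).group(1))
    results = {}
    for key, cost, residual in OPTION_RE.findall(exhibit):
        reduction = baseline - _usd(residual)  # ALE before control - ALE after control
        # Assumption: the exhibit's "Control cost" is the annual cost of the control.
        results[key] = (reduction, _usd(cost), reduction - _usd(cost))
    return baseline, results

def rank_by_net_benefit(results):
    """Option letters ordered from highest to lowest net annual benefit."""
    return sorted(results, key=lambda k: results[k][2], reverse=True)

def cost_headroom(results):
    """Extra annual cost the top option could absorb before the runner-up ties it."""
    best, runner_up = rank_by_net_benefit(results)[:2]
    return results[best][2] - results[runner_up][2]

if __name__ == "__main__":
    _, res = evaluate(EXHIBIT)
    for key in rank_by_net_benefit(res):
        print(key, "reduction=%d cost=%d net=%d" % res[key])
    print("headroom:", cost_headroom(res))
```

Sorting the same results by cost alone puts Option D first, which is the trap the question is built around.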

Key Concepts to Remember

  • Read the scenario before looking for a memorised answer.
  • Find the constraint that changes the correct option.
  • Eliminate answers that are true in general but not in this case.

Exam Day Tips

  • Watch for words such as best, first, most likely and least administrative effort.
  • Review why wrong options are wrong, not only why the correct option is correct.

Key takeaway

Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option.

Real-world example

How this comes up in practice

A security analyst at a medium-sized enterprise encounters this scenario during an investigation or architecture review. The correct answer reflects best practice for the specific threat or control described. Answer the scenario, not the keyword: identify the specific constraint before choosing the most familiar-sounding option. Security exam questions test whether you can match controls to threats in context — not just recall definitions.

What to study next

Got this wrong? Here's your next step.

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

FAQ

Questions learners often ask

What does this SY0-701 question test?

This question tests Security Program Management and Oversight. Key concept: read the scenario before looking for a memorised answer.

What is the correct answer to this question?

The correct answer is: Option B, because its large reduction in annual loss outweighs the higher implementation cost. — Option B is correct because it provides the greatest net annual financial benefit. The annual loss reduction of $150,000 minus the annual implementation cost of $75,000 yields a net benefit of $75,000, which is higher than any other option. This demonstrates that a larger upfront investment can be justified when the reduction in annualized loss expectancy (ALE) significantly outweighs the control cost.

What should I do if I get this SY0-701 question wrong?

Identify which exam domain this question belongs to, review the core concept, then practise similar questions from the same domain.

What is the key concept behind this question?

Read the scenario before looking for a memorised answer.

About these practice questions

Courseiva creates original exam-style practice questions with explanations and wrong-answer analysis. It does not publish real exam questions, exam dumps, or protected exam content.

Last reviewed: Jun 11, 2026

This SY0-701 practice question is part of Courseiva's free CompTIA certification practice question bank. Courseiva provides original exam-style practice questions with explanations, topic-based practice, mock exams, readiness tracking, and study analytics to help learners prepare for the SY0-701 exam.