Security Program Management and Oversight
Drill 16 practice questions focused entirely on Security Program Management and Oversight for the CompTIA SY0-701 exam. Tap an answer for instant feedback and a full explanation — no sign-up, always free.
A company owns a data center server valued at $80,000. A risk analyst determines that a flood would destroy 25% of the asset's value, and historical data indicates such a flood occurs approximately once every four years at this location. What is the annualized loss expectancy (ALE) that should be recorded in the risk register?
A financial services company owns a database server valued at $200,000. A risk analyst determines that a ransomware attack would render 40% of the asset's value unusable, and historical data indicates such an attack is likely to occur twice per year. Which value should the analyst record in the risk register as the annualized loss expectancy (ALE) for this scenario?
A financial services company owns a database server valued at $200,000. A risk analyst estimates that a ransomware event would destroy 25% of the asset's value each time it occurs, and historical data suggests such an event happens about twice per year. The security manager needs the annualized loss expectancy (ALE) to justify a proposed backup investment. What is the correct ALE?
A security analyst is conducting a quantitative risk analysis for a database server that stores customer payment information. The server is valued at $45,000, and a successful ransomware attack would result in 60% loss of the asset's value. Historical data indicates that ransomware attacks targeting similar systems in the organization occur approximately 3 times per year. What is the Annualized Loss Expectancy (ALE) for this risk?
A company's financial analysis reveals that a critical database server has an asset value of $120,000. Historical data shows this server experiences a catastrophic failure approximately once every four years. When such failures occur, the company typically loses 40% of the server's value due to data recovery costs, business interruption, and partial hardware replacement. What is the Annualized Loss Expectancy (ALE) for this risk?
A security analyst is performing a quantitative risk analysis for a critical database server. The asset value is $500,000, and a successful ransomware attack would cause 60% damage to the asset. Historical data indicates this type of attack occurs twice per year on average. What is the Annualized Loss Expectancy (ALE) for this risk scenario?
A financial services company is evaluating the risk of a potential cloud provider outage that could disrupt critical trading systems. The annual cost of mitigation controls would be $180,000, while the estimated single loss from an outage is $2,500,000 with an expected occurrence of once every 10 years. The company decides to purchase cyber insurance with a $200,000 annual premium that covers up to $3,000,000 in losses. Which risk management strategy is the company implementing?
A manufacturing company has identified a critical vulnerability in a legacy industrial control system that manages production line operations. The system cannot be patched due to vendor end-of-life, and replacing it would cost $2 million with 18 months downtime. A security analysis estimates the annual loss expectancy at $150,000. The company purchases a cyber insurance policy covering up to $5 million in losses related to this specific system. Which risk management strategy is the company primarily implementing?
A financial services company has identified that ransomware attacks pose a significant threat to their operations. After conducting a risk analysis, they determine the annualized loss expectancy (ALE) is $2.4 million. The company decides to implement offline encrypted backups, endpoint detection and response (EDR) solutions, and security awareness training at a total annual cost of $480,000, which reduces the ALE to $600,000. Which risk management strategy is the company primarily employing?
A healthcare organization has identified a critical vulnerability in its legacy radiology system that could allow ransomware attacks. The system cannot be patched due to vendor end-of-life status, and replacing it would cost $2 million with an 18-month implementation timeline. The organization has determined the annualized loss expectancy (ALE) for a ransomware incident is $800,000. The CISO purchases a cyber insurance policy with ransomware coverage for an annual premium of $150,000. Which risk management strategy is the organization primarily implementing?
A healthcare organization operates a legacy medical imaging system that contains vulnerabilities but cannot be patched because the vendor no longer supports it. The system processes critical patient data daily. Replacing the system would cost $500,000 and take 18 months. A recent risk assessment calculated the annualized loss expectancy (ALE) at $75,000. The organization has implemented network segmentation, strict access controls, and enhanced monitoring around this system. Which risk management strategy has the organization primarily adopted?
A healthcare organization has identified that a legacy medical imaging system contains a critical vulnerability that could expose patient data. The system cannot be patched due to vendor end-of-life status, and replacing it would cost $850,000 with an 18-month implementation timeline. A security assessment determines the annual loss expectancy (ALE) is $45,000. The organization purchases a cyber insurance policy with a $50,000 annual premium that covers losses from this specific risk. Which risk management strategy is the organization implementing?
A financial services company is implementing a formal risk management program. The security team has identified various risks and needs to track them systematically. They want to document each risk's likelihood, potential impact, current mitigation status, and assign accountability. The CISO has asked for a centralized system that will also allow monitoring of metrics indicating when risks are materializing. Which of the following should the security team implement?
A financial services company owns a database server valued at $200,000. A risk analyst determines that a ransomware event would render approximately 40% of the asset's value unusable, and historical data suggests such an event occurs roughly twice per year. Which value represents the annualized loss expectancy (ALE) the analyst should record in the risk register?
A financial services company owns a customer database valued at $500,000. A risk analyst determines that a specific ransomware event would render 40% of the asset unusable, and historical industry data indicates this type of event occurs about twice every five years. Which value represents the annualized loss expectancy (ALE) that the analyst should record in the risk register?
A healthcare organization is finalizing a contract with a cloud service provider that will store and process electronic protected health information (ePHI). The security team wants to ensure they can verify the vendor's security controls and compliance status throughout the contract period. Which contract provision should the organization prioritize to maintain ongoing visibility into the vendor's security posture?
More SY0-701 practice
Keep going with the other CompTIA Security+ (SY0-701) domains, or take a full timed mock exam.
← Back to SY0-701 overview