I see why some pick D for formal acceptance, but the CBA itself doesn't decide anything, it just delivers numbers and justification for decision makers. So I'd say A makes more sense because that's what CBA actually produces. Still a little unsure if I'm overthinking the wording, agree?
Q: 5
What does the result of Cost-Benefit Analysis (CBA) on new security initiatives provide?
Options
Discussion
Doesn't CBA just create a justification for management, not actual acceptance like D?
It's A. Cost-Benefit Analysis gives you quantifiable justification for security spending, not formalized acceptance like D. That trap always comes up on CISSP stuff but the CBA itself only gives numbers/data to help management decide. Pretty sure about this, but let me know if I'm missing something.
D is a distractor, not what CBA produces. It should be A but open to other views if I'm off.
A, this matches what the official guide stresses and I’ve seen similar in practice exams.
It's A. D trips people up but CBA's output is just quantifiable justification, not the formal acceptance step.
A, a similar question was on my last practice set and it was always about quantifiable justification.
A makes the most sense here. Cost-Benefit Analysis is all about showing management a clear, financial reason to approve (or reject) a security investment, so it's the quantifiable justification they're after. Risk evaluation (C) is part of doing the CBA but not what gets delivered at the end. Pretty sure A is right, but open to other views if I'm missing something.
Pretty sure A, that's what the official study guide and main exam practice sources say too.
I get why folks are thinking C here. Risk evaluation is definitely part of the process, since you have to know your risks before doing a CBA. So I'd pick C too, since the analysis ends up tying security investments back to risk levels. Might be missing the focus on justifying with numbers though. Anyone got a different take?