Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
The asset value is $1,500. Some hacker is likely to attack once per month. The likelihood of a successful attack is 25%. The Single Loss Expectancy (SLE) is 100% of the $1,500 asset value. The cost of an adequate security implementation is $2,000 / year. Which of the following options should be selected, and why?
Implement security actions, because ALE = $6,000 per year and security payment = $2,000 per year.
Implement security actions, because ALE = $4,500 per year and security payment = $2,000 per year.
Do not Implement security actions, because ALE = $1,500 per year and security payment = $2,000 per year.
Do not Implement security actions, because ALE = $6,000 per year and security payment = $8,000 per year.
ARO (Annual rate occurrence) = 12 (months) * 0.25 (likelihood) = 3 times per year. SLE (Single loss expectancy) = $1,500. ALE (annual loss expectancy) = SLE * ARO = $4,500. Payment per year = $2,000, as explained in text. SUGGESTION** - Successful attack has no bearing on the loss. It should be said that the asset will suffer a complete loss in the event of a successful attack of which the likelihood is 25%.
Simple formula is here..
ALE = AV * EF * ARO. AV is 1500. EF is a likelihood (25%). and ARO is 12 (once a month or 12 times a year).
This implies ALE = 1500 * (25/100) * 12 = $4500.
This means when an attack happens the loss is $4500. It is better to implement a control with $2000 than lose $4500.
EDIT: Modified answers to match $ sign notations. Not sure where 1000$ is used.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.