CompTIA Security Plus Mock Test Q376

Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. This database contains 250 records with PII. Studies show that the cost per record for a breach is $300. The likelihood that their database would be breached in the next year is only 5%. Which of the following is the ALE that Sara should report to management for a security breach?

A. $1,500
B. $3,750
C. $15,000
D. $75,000

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence.
SLE = 250 x $300; ARO = 5%
$75000 x 0.05 = $3750

Incorrect Answers:
A: A $1500 amount assumes a breach likelihood of 2%.
C: A $15000 amount assumes that the likelihood of a breach is 20%.
D: $75000 would be the single loss expectancy.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 5-6