CompTIA Security Plus Mock Test Q387

Which of the following risk concepts requires an organization to determine the number of failures per year?

A. SLE
B. ALE
C. MTBF
D. Quantitative analysis

Correct Answer: B
Section: Compliance and Operational Security

Explanation:
ALE is the annual loss expectancy value. This is a monetary measure of how much loss you could expect in a year.

Incorrect Answers:
A: SLE is a monetary value, and it represents how much you expect to lose at any one time: the single loss expectancy. SLE can be divided into two components: AV (asset value) and
the EF (exposure factor).
C: The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component’s
anticipated lifetime.
D: Quantitative analysis is used to the show the logic and cost savings in replacing a server for example before it fails rather than after the failure.

References:
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 5, 8, 17
http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=2