CSSLP Question #241: Real Exam Question with Answer & Explanation

The correct answer is A: Single Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO). Annualized Loss Expectancy (ALE) is calculated by multiplying the Single Loss Expectancy (SLE), which is the monetary loss from a single event, by the Annualized Rate of Occurrence (ARO), which is how often the event is expected to occur in a year.

Secure Software Concepts

Question

How can you calculate the Annualized Loss Expectancy (ALE) that may occur due to a threat?

Options

ASingle Loss Expectancy (SLE) X Annualized Rate of Occurrence (ARO)
BSingle Loss Expectancy (SLE)/ Exposure Factor (EF)
CAsset Value X Exposure Factor (EF)
DExposure Factor (EF)/Single Loss Expectancy (SLE)

Explanation

Annualized Loss Expectancy (ALE) is calculated by multiplying the Single Loss Expectancy (SLE), which is the monetary loss from a single event, by the Annualized Rate of Occurrence (ARO), which is how often the event is expected to occur in a year.

Common mistakes.

B. Single Loss Expectancy (SLE) divided by Exposure Factor (EF) is not a standard formula for risk assessment; SLE is typically calculated as Asset Value (AV) x Exposure Factor (EF).
C. Asset Value (AV) multiplied by Exposure Factor (EF) calculates the Single Loss Expectancy (SLE), not the Annualized Loss Expectancy (ALE).
D. Exposure Factor (EF) divided by Single Loss Expectancy (SLE) is not a recognized formula in risk assessment.

Concept tested. Quantitative risk assessment - ALE calculation

Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf

Topics

#Annualized Loss Expectancy (ALE)#Risk Calculation#Quantitative Risk Analysis#SLE and ARO

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions