A: A $1500 amount assumes a breach likelihood of 2%. Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. C. MTBF $25,000 * .25 = $6250 as the annualized loss. ALE: The Annualized Loss Expectancy (ALE) is the monetary loss that can be expected for an asset due to a risk over a one-year period. Correct Answer: C References: Section: Mixed Questions. Which of the following types of testing methods is this? C. Calculate the MTBF You're the chief security contact for MTS. D. $35,000, Correct Answer: C It is accredited by ANSI. (Select TWO). Explanation: ALE is the annual loss expectancy value. D: $75000 would be the single loss expectancy. Incorrect Answers: A. Studies show that the cost per record for a breach is $300. The Computing Technology Industry Association (CompTIA) is an American non-profit trade association, issuing professional certifications for the information technology (IT) industry. SLE = ($4000 + $3000) x 5 = $35000. ARO = 2 years. Thus per year it would be 50% = 0.5. The ALE is thus $35000 x 0.5 = $17500. SHA1 produces a message digest of 160 bits providing no more than 80 bits of security against collision attacks. C. $17,500 A company is performing internal security audits after a recent exploitation on one of their proprietary applications. A: SLE is a monetary value, and it represents how much you expect to lose at any one time: the single loss expectancy. The Security+ certification, offered by CompTIA, is compliant with ISO 17024 standards. CompTIA Security+ Certification Practice Test Questions. Its mission is to promote the global technology industry, to educate, certify and train the high-tech IT workforce, to advocate on behalf of the technology industry, and to invest in the future through philanthropy. SLE (Single Loss Expectancy) is equal to asset value (AV) times exposure factor (EF).
You can also take this course to prepare for the CompTIA Security+ certification examination. Which of the following metrics is important for measuring the extent of data required during backup and recovery? SY0-401 exam English version will be retired on July 31, 2018. A. A security administrator is tasked with calculating the total ALE on servers. CompTIA® Security+® (Exam SY0-501) is the primary course you will need to take if your job responsibilities include securing network services, devices, and traffic in your organization. The cumulative loss based on related event occurrences during a calendar year. $75000 x 0.05 = $3750. Section: Compliance and Operational Security. The calculation of risk can help you make educated business decisions related to your security infrastructure. SLE can be divided into two components: AV (asset value) and C: A $15000 amount assumes that the likelihood of a breach is 20%. In a two-year period of time, a company has to replace five servers. A. Which of the following is the ALE for the company? A: DAC is short for Discretionary Access Control, which allows some information sharing flexibility capabilities within the network. Each server replacement has cost the company $4,000 with downtime costing $3,000. Incorrect Answers: B. D. $75,000, Explanation: SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence.
CompTIA Security+ Certification Exam Objectives Version 2.0 (Exam Number: SY0-501) TEST DETAILS: Required exam: CompTIA Security+ SY0-501; Number of questions: Maximum of 90; Types of questions: Multiple choice and performance-based; Length of test: 90 minutes; Recommended experience: At least two years of experience in IT administration with a focus on security; Passing score: 750 (on a scale of … In a two-year period of time, a company has to replace five servers. $12,500 C. $25,000 D. $100,000. Each server replacement has cost the company $4,000 with downtime costing $3,000. A security administrator is tasked with calculating the total ALE on servers. B: A $10000 amount is ignoring the downtime costs that will be incurred. So you would multiply the annualized rate of occurrence by the single loss expectancy to calculate the annual loss expectancy. Score reports (a list of all responses with percentage score) are displayed upon completion of each practice exam. A. A. $7,000 $10,000 C. $17,500 D. $35,000, Explanation: SLE × ARO = ALE, where SLE is equal to asset value (AV) times exposure factor (EF); and ARO is the annualized rate of occurrence. C. $15,000 Learn and understand the educator-verified answer and explanation for Chapter 15, Problem 9 in Ciampa’s CompTIA Security+ Guide to Network Security Fundamentals (6th Edition). http://www.ciscopress.com/articles/article.asp?p=1998559&seqNum=2. ARO = 2 years. Thus per year it would be 50% = 0.5. CompTIA Security+ Question B-28. $6,250 B. $3,750 E: ROI (Rate Of Investment) is the benefit (return) of an investment divided by the cost of the investment; the result is expressed as a percentage or a ratio. $6,250.
A security administrator is tasked with calculating the total ALE on servers. 2. CompTIA Security+ certification is a vendor-neutral IT security certification that develops your skills and expertise in computer and network security domains like cybersecurity, network security and IT risk management. Vulnerability assessment is part of an organization's security architecture. Based in Downers Grove, Illinois, CompTIA issues vendor-neutral professional certifications in over 120 countries. References: All tests are available online for free (no registration / email required). If the ARO was quarterly, then you would calculate $25,000 * 4 = $100,000. The CompTIA Security+ certification is mainly targeted to those candidates who want to build their career in the IT Security domain. ... 18. $7,000 B. This is a monetary measure of how much loss you could expect in a year. CompTIA Security+ mirrors 2 years of IT security experience, and CSA+ mirrors 3-4 years. The ALE is thus $35000 x 0.5 = $17500. the EF (exposure factor). The likelihood that their database would be breached in the next year is only 5%. ALE (Annual Loss Expectancy) is equal to the SLE (Single Loss Expectancy) times the annualized rate of occurrence. Incorrect Answers: This database contains 250 records with PII. SY0-501 exam is a new replacement test of SY0-401 for CompTIA Security+ certification. Which of the following risk concepts requires an organization to determine the number of failures per year? Calculate the ALE. SLE = ($4000 + $3000) x 5 = $35000. ARO = 2 years. Thus per year it would be 50% = 0.5. The ALE is thus $35000 x 0.5 = $17500. It is defined as: ALE = SLE * ARO. Acceptance: Recognizing a risk, identifying it, and then accepting that it is sufficiently unlikely or of such limited impact that corrective controls are not warranted.
Avoidance: Elimination of the vulnerability that gives rise to a particular risk so that it is avoided altogether. Explanation: CompTIA Discussion, Exam SY0-501 topic 1 question 125 discussion ... you need Asset Value and Exposure factor. D: Quantitative analysis is used to show the logic and cost savings in replacing a server, for example, before it fails rather than after the failure. Description. In general, if a control costs less than the ALE, it is worth the money to invest in it. where SLE is the Single Loss Expectancy and ARO is the Annualized Rate of Occurrence. C: The mean time between failures (MTBF) is the measure of the anticipated incidence of failure for a system or component. This measurement determines the component’s anticipated lifetime. A. Explanation: CompTIA Security+ is a globally recognized certification that validates the foundational skills and knowledge needed to perform core security functions. If a control costs more than the ALE, it is not worth the cost. After CSA+, IT professionals can pursue CASP to prove mastery of the hands-on cybersecurity skills required at the 5- to 10-year experience level. ALE is the annual loss expectancy value. Section: Compliance and Operational Security. 5, 8, 17 The benefit of knowing this is to calculate the value of a control. A. SLE B. D. Calculate the TCO, Correct Answer: A CompTIA Security+ SY0-501 exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe. Incorrect Answers: The ALE is calculated as SLE x ARO. Risk management deals with the alignment of five potential responses with an identified risk: 1. $10,000 Sara, the security auditor, is given the workstation with limited documentation regarding the application installed for the audit.
D: ARO (annualized rate of occurrence) is the frequency (in number of years) that an event can be expected to happen. If we know that a laptop being stolen is going to cost $1,000 and we can estimate that there will be seven laptops stolen in a year, we can multiply $1000 times 7 to come up with our annual loss expectancy, or $7,000. Section: Compliance and Operational Security, Explanation: D. Quantitative analysis, Correct Answer: B This is the most effective … It is considered one of the IT industry's top trade associations. ALE – Annual Loss Expectancy. Which of the following is the ALE for the company? Risk acceptance must be a conscious choice, documented, approved by senior administration, and regularly reviewed. B. ALE If you calculate SLE to be $25,000 and that there will be one occurrence every four years (ARO), then what is the ALE? Which of the following would BEST be used to calculate the expected loss of an event, if the likelihood of an event occurring is known? Correct Answer: B,C D: A $35000 amount assumes that the servers must be replaced every year, and not every second year. Sara, a security analyst, is trying to prove to management what costs they could incur if their customer database was breached. A: $7000 would be the SLE if there was only one server to consider. It is a logical progression. CompTIA Security+ SY0-401 Free Mock Exam test. SLE = 250 x $300; ARO = 5% This is a monetary measure of how much loss you could expect in a year. CompTIA helps professionals demonstrate their ability in different areas, such as security, network management, computer repair, and server management. Section: Compliance and Operational Security. Answer: B. B. If the control is about the same as the ALE, it requires a deeper analysis. The four algorithms approved by FIPS (Federal Information Processing Standard) are SHA1, SHA256, SHA384, and SHA512 and they differ in terms of hash function and 128 bits of security against collision attacks.
Which of the following is the proper way to quantify the total monetary damage resulting from an exploited vulnerability? $1,500 SLE = ($4000 + $3000) x 5 = $35000 5-6. The CompTIA Security+ exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CompTIA Security Plus. Calculate the ARO The CompTIA Security+ SY0-401 certification is a vendor-neutral, internationally recognized credential used by organizations and security professionals around the globe to validate ... - ALE - Impact - SLE - ARO - MTTR - MTTF - MTBF • Quantitative vs. qualitative • Vulnerabilities Which of the following is the ALE that Sara should report to management for a security breach? This would be the ALE, or the Annual Loss Expectancy. Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. The SY0-501 CompTIA Security+ Certification Exam verifies that candidates have the knowledge and skills needed to identify risk, take part in risk mitigation activities, and secure infrastructure, applications, information and … Incorrect Answers: The Security+ is vendor-neutral and not role-specific, so it fits well in a range of organizations, regardless of which technologies they use. Free practice tests based on the current Security+ exam objectives published by CompTIA. SLE * ARO = ALE; for instance, a $25,000 event that happens only once every four years would yield. CompTIA CySA+ applies behavioral analytics to networks to improve the overall state of security through identifying and combating malware and advanced persistent threats (APTs), resulting in an enhanced threat visibility across a broad attack surface.