(ISC)2

CSSLP · Question #371

CSSLP Question #371: Real Exam Question with Answer & Explanation

The correct answer is D: To rank and prioritize organizational responses to identified risks. Qualitative risk assessment focuses on subjectively evaluating and comparing risks based on their likelihood and impact using descriptive scales. Its primary purpose is to categorize and prioritize risks to guide subsequent mitigation efforts.

Secure Software Concepts

Question

A regional insurer is evaluating methods for assessing threats across its cloud environment. What is qualitative risk assessment primarily used for?

Options

  • A. To decide which technology platforms to adopt
  • B. To compute estimated monetary loss figures
  • C. To plan and organize testing activities for deployments
  • D. To rank and prioritize organizational responses to identified risks

Explanation

Qualitative risk assessment focuses on subjectively evaluating and comparing risks based on their likelihood and impact using descriptive scales. Its primary purpose is to categorize and prioritize risks to guide subsequent mitigation efforts.

Common mistakes.

  • A. Deciding which technology platforms to adopt is a strategic decision influenced by many factors including risk, but not the primary direct output of a qualitative risk assessment.
  • B. Computing estimated monetary loss figures is the domain of quantitative risk assessment, which assigns specific financial values to risks, unlike qualitative assessment.
  • C. Planning and organizing testing activities for deployments is part of the development lifecycle and quality assurance, not the primary output of a risk assessment.

Concept tested. Qualitative risk assessment purpose

Topics

#Qualitative risk assessment · #Risk management · #Threat assessment · #Prioritization
