nerdexam
GIAC

GSEC · Question #73

GSEC Question #73: Real Exam Question with Answer & Explanation

The correct answer is B. Qualitative. Qualitative risk assessments categorize risk using descriptive labels such as low, medium, or high, rather than numerical values.

Question

Which type of risk assessment results are typically categorized as low, medium, or high-risk events?

Options

  • ATechnical
  • BQualitative
  • CManagement
  • DQuantitative

Explanation

Qualitative risk assessments categorize risk using descriptive labels such as low, medium, or high, rather than numerical values.

Common mistakes.

  • A. Technical is not a recognized category of risk assessment methodology.
  • C. Management is not a type of risk assessment - it refers to a stakeholder group, not a methodology.
  • D. Quantitative risk assessment uses numerical values such as dollar amounts and probability percentages, not categorical labels like low/medium/high.

Concept tested. Qualitative vs quantitative risk assessment methodology

Reference. https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GSEC Practice