PrepAway - Latest Free Exam Questions & Answers

Which of the following statements pertaining to quantit…

Which of the following statements pertaining to quantitative risk analysis is NOT true?

PrepAway - Latest Free Exam Questions & Answers

A.
Portion of it can be automated

B.
It involves complex calculations

C.
It requires a high volume of information

D.
It requires little experience to apply

Explanation:
A quantitative risk analysis is used to assign monetary and numeric values to all elements of the risk analysis
process. Each element within the analysis (asset value, threat frequency, severity of vulnerability, impact
damage, safeguard costs, safeguard effectiveness, uncertainty, and probability items) is quantified and entered
into equations to determine total and residual risks. It is more of a scientific or mathematical approach to risk
analysis compared to qualitative.
Quantitative risk analysis does require knowledge and experience to perform. Therefore, the statement “It
requires little experience to apply” is false.
Incorrect Answers:
A: A portion of the quantitative risk analysis process can be automated by using quantitative risk analysis tools.
B: Quantitative risk analysis does involve complex calculations.
C: Quantitative risk analysis does require a high volume of information.

Harris, Shon, All In One CISSP Exam Guide, 6th Edition, McGraw-Hill, New York, 2013, p. 86


Leave a Reply