Risk Analysis — CISSP Practice Questions
Risk analysis is the process of identifying threats and vulnerabilities, estimating the likelihood and impact of adverse events, and calculating the resulting risk to organizational assets. The CISSP exam tests both quantitative approaches, which use numerical values such as Annualized Loss Expectancy, Exposure Factor, and Asset Value, and qualitative approaches, which use ordinal scales and expert judgment. Candidates must be able to calculate ALE from SLE and ARO and interpret the results to support cost-benefit analysis of security controls. Risk analysis outputs feed directly into risk treatment decisions and are foundational to the Security and Risk Management domain, the largest weighted domain on the CISSP exam.
Free questions on risk analysis
What is the primary goal of risk management?
Free question · easy · full answer + explanation
More risk analysis questions in the full bank
- What is qualitative risk analysis?
- What is a threat model and how is it developed?
- An organization conducts a qualitative risk assessment. Which approach is MOST appropriate for this assessment method?